The Ponemon “Cost of a Data Breach” report has just been published. Now in its 17th year, it has become the definitive source of information on the state of cybersecurity preparedness and the impact of breaches.
As usual, the report includes interesting insights and, for the first time, it can show the impact of remote working during the COVID-19 pandemic.
The main headline will be widely reported: the average cost of a breach has risen by 10% to $4.24 million (up from $3.86m in 2020). That’s the global average. In the UK, the average cost has risen from $3.90m to $4.67m. For data normalisation, Ponemon only reports in USD; as a rough estimate, that’s around £3.35m. There are probably several reasons why the costs have increased, but remote working is a significant contributor: the average cost is estimated to be $1.07m higher when remote working is a factor in the breach.
For me, some other topics are worth considering ...
Ponemon estimates the average cost of a ransomware attack is $4.62m, which is above average.
They say that malicious attacks that destroyed data were even slightly higher, averaging $4.69 million. The percentage of breaches where ransomware was a factor was 7.8%. That seems a little on the low side, in my opinion, as I’ve seen other data showing the number of ransomware incidents increasing rapidly.
Ransomware attacks are growing in complexity, especially in how they can identify and compromise the most valuable accounts such as Domain Admins. Osirium CTO Andy Harris wrote about the “lateral movement” threat, and Osirium offers a special package to protect backups from ransomware attacks.
Adopting a “Zero Trust” approach to cybersecurity shows significant benefit, according to the Ponemon data. “The average cost of a breach was $5.04 million for those without zero trust deployed. Yet in the mature stage of zero trust deployment, the average cost of a breach was $3.28 million, $1.76 million less than organisations without zero trust, representing a 42.3% difference.”
Zero trust is still in relative infancy, with only 35% of organisations having it deployed. A little worryingly, almost half of organisations have no plans in place to deploy zero trust. There may be many reasons for the slow adoption: for many it looks too complicated or may restrict agile operations, but a pragmatic approach can be highly effective and affordable.
When the pandemic struck and working from home became the recommended, or only, way to work, many organisations had to make big changes fast.
Those changes came at a cost for cybersecurity. “The average total cost of a data breach was more than $1 million higher where remote working was a factor in causing the breach compared to breaches where remote working was not a factor.” The average total cost of a data breach was $4.96 million compared to $3.89 million where remote working was not a factor.
There could be multiple contributory factors, but a key one is time: Ponemon found that organisations with more than 50% of their workforce working remotely took longer (58 days longer, on average) to identify and contain a breach than those with less remote working, and a breach that goes undetected for longer costs more.
Perhaps one of the less surprising results is how important compromised credentials are in attacks. According to Ponemon, compromised credentials are the most common initial attack vector, involved in 20% of all breaches. Phishing, which can lead to credential compromise or to the installation of malware or ransomware, is number 2 on the list, at 17%.
Of course, stolen user credentials are often just the gateway to more powerful administrator credentials, which are thought to be involved in over 80% of all attacks (a figure from other industry estimates rather than from the Ponemon report).
It’s worth taking some time to understand the Ponemon report, reviewing where the risks lie, and asking whether it is better to wait and pay these costs or to be proactive and move toward zero trust and privileged access management faster. If you’d like to discuss the options with an expert, please get in touch.