Cyber attacks cost R$5.88 million for companies in Brazil

Data breach costs on average R$5.88 million for companies in Brazil.
IBM Security announced the results of a global study examining the financial impact of data breaches, revealing that a breach costs companies an estimated $3.8 million globally, and compromised employee accounts were the most expensive cause.
By analyzing data breaches suffered by more than 500 organizations worldwide, 80% of the incidents studied resulted in the exposure of personal customer identification information (PII). Among all the types of data exposed in these breaches, personal customer information was also the most expensive for companies.
The report points to the financial losses organizations can suffer if data is compromised as companies increasingly access sensitive data through remote work and cloud business operations.
Another IBM study found that more than half of employees who started working from home due to the pandemic did not receive new guidance on how to handle personal customer information.
Sponsored by IBM Security and conducted by the Ponemon Institute, the Cost of Data Breach 2020 is based on interviews with more than 3,200 security professionals in organizations that have experienced a data breach over the past year. Some of the report's key findings include:
-· Smart technology reduces breach cost in half: Companies that have implemented security automation technologies (which use AI, data analysis, and automated orchestration to identify and respond to security events) had less than half of the data breach costs compared to those that didn't implement those tools - $2.45 million vs. $6.03 million on average.
-· Payment for compromised credentials: In incidents where attackers access the corporate network using compromised or stolen credentials, organizations have seen the cost of data breaches nearly $1 million higher than the global average, reaching $4.77 million per breach. Malicious attacks, which exploit the vulnerability of third parties, was the second most costly source ($4.5 million) for this group.
-· Cost of mega violations increases by the millions: the costs of so-called mega violations, in which more than 50 million records are compromised, rose from $388 million to $392 million. Violations in which 40 - 50 million records were exposed cost companies $364 million on average, an increase of $19 million compared to the 2019 report.
-· Nation-state attacks - the most damaging violation: data breaches that may have originated from nation-state attacks were the most expensive compared to other threat actors examined in the report. Known as "state-sponsored attacks," these attacks averaged $4.43 million in data breach costs, surpassing financially motivated cybercriminals and hackactivists.
"When it comes to the ability to mitigate the impact of a data breach, we're starting to see a clear advantage of companies that have invested in automated technologies," said Wendi Whitmore, vice president of IBM X-Force Threat Intelligence. "At a time when companies are expanding their digital presence at an accelerated pace and the lack of skills in the security industry persists, teams can be overwhelmed by protecting more devices, systems, and data. Cybersecurity automation can help address this burden, enabling a faster and significantly more cost-effective response to the breach."
Stolen or compromised credentials and clouds with incorrect settings were the most common causes of malicious violations for the companies that participated in the study, accounting for approximately 40% of the incidents.
With more than 8.5 billion records exposed in 2019 and attackers using previously exposed emails and passwords in one in five violations studied, companies are rethinking their security strategy by adopting the zero trust approach - re-examining how they authenticate users and how the extension of access to users is granted.
Similarly, companies' struggle with security complexity - the main cost factor of breaches - is contributing to incorrect cloud configurations becoming a growing security challenge. The 2020 report revealed that attackers used incorrect cloud settings to breach networks 20% of the time, increasing the cost of breaches to $4.41 million on average.
The report highlights the growing divide in the cost of breaches between companies that have implemented advanced security technologies and those that are lagging behind, revealing a $3.58 million savings gap for companies with fully implemented security automation versus those that have not yet implemented this type of solution.
The companies participating in the study that relied on fully implemented security automation also reported significantly shorter response time to violations, another key factor shown to reduce breach costs in the analysis. The report found that artificial intelligence, machine learning, data analytics, and other forms of security automation have allowed companies to respond to breaches up to 27 percent faster than companies that have not yet deployed security automation.
Preparedness for incident response also strongly influences the financial consequences of a breach. Companies that do not have a designated team or test incident response plans suffer on average at a cost of $5.29 million in violation, while companies that have dedicated teams, tests, and simulations suffer less than $2 million in cost of violations. This reaffirms that readiness and readiness generate significant ROI in cybersecurity.
Some additional items from this year's report include:
-· Risks of remote work come at a price - With hybrid work models creating less controlled environments, the report found that 70% of companies that have adopted teleworking amid the pandemic expect the cost of data breaches to worsen.
-· CISOs blamed for failures for violations, despite limited decision-making power: 46% of respondents said that CISO/CSO is responsible for violations, although only 27% say decision-making on security and technology policy comes from CISO/CSO. The report concluded that the appointment of a CISO was associated with a savings of $145,000 versus the average cost per violation.
Regional and industry trends:
-· The study looked at the cost of data breaches in different industries and regions, finding that data breaches in the United States are much more expensive, costing $8.64 million on average.
-· In Brazil, the average cost of data breach is R$5.88 million (about US$1.12 million), an increase of 10.5% over the previous year compared to the value in Reais (R$ 5.32 million in 2019). The study also noted an increase in the number of days to identify the data breach, which rose from 250 to 265, and to contain the breach, which grew from 111 to 115 days compared to 2019.
-· Globally, the healthcare industry continues to have the highest average breach costs, with $7.13 million - an increase of more than 10% compared to the 2019 study.
The annual Data Breach Cost Report is based on deep real data breach analyses that occurred between August 2019 and April 2020, taking into account hundreds of factors including legal, regulatory, and technical activities for the loss of brand value, consumers, and employee productivity.