Customer Personal Data Exposed in 80% of Breaches Analyzed; AI and Automation Significantly Reduce Costs

CAMBRIDGE, Massachusetts, July 29, 2020 /PRNewswire/ — IBM Security (NYSE: IBM) announced today the results of a global study examining the financial impact of data breaches, revealing that these incidents cost companies studied $3.86 million per breach on average, and that compromised employee accounts were the most expensive root cause. Based on in-depth analysis of data breaches experienced by over 500 organizations worldwide, 80% of these incidents resulted in the exposure of customers’ personally identifiable information (PII). Out of all types of data exposed in these breaches, customer PII was also the costliest to businesses studied.


As companies are increasingly accessing sensitive data via new remote work and cloud-based business operations, the report sheds light on the financial losses that organizations can suffer if this data is compromised. A separate IBM found that over half of surveyed employees new to working from home due to the pandemic have not been provided with new guidelines on how to handle customer PII, despite the changing risk models associated with this shift.

Sponsored by IBM Security and conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report [1] is based on in-depth interviews with more than 3,200 security professionals in organizations that suffered a data breach over the past year. Some of the top findings from this year’s report include:

“When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies,” said Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence. “At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data. Security automation can help resolve this burden, not only supporting a faster breach response but a more cost-efficient one as well.”

Employee Credentials and Misconfigured Clouds – Attackers’ Entry Point of Choice

Stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach for companies in the report, representing nearly 40% of malicious incidents. With over 8.5 billion records exposed in 2019, and attackers using previously exposed emails and passwords in one out of five breaches studied, businesses should rethink their security strategy via the adoption of a zero-trust approach – reexamining how they authenticate users and the extent of access users are granted.

Similarly, companies’ struggle with security complexity – a top breach cost factor – is likely contributing to cloud misconfigurations becoming a growing security challenge. The 2020 report revealed that attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average – making it the third most expensive initial infection vector examined in the report.

State Sponsored Attacks Strike Heaviest

Despite representing just 13% of malicious breaches studied, state-sponsored threat actors were the most damaging type of adversary according to the 2020 report, suggesting that financially motivated attacks (53%) don’t necessarily translate into higher financial losses for businesses. The highly tactical nature, longevity and stealth maneuvers of state-backed attacks, as well as the high value data targeted, often result in a more extensive compromise of victim environments, increasing breach costs to an average of $4.43 million.

In fact, the respondents in the Middle East, a region that historically experiences a higher proportion of state-sponsored attacks compared to other parts of the world,[3] saw over 9% yearly rise in their average breach cost, incurring the second highest average breach cost ($6.52 million) amongst the 17 regions studied. Similarly, businesses studied in the energy sector, one of the most frequently targeted industries by nation states, experienced a 14% increase in breach costs year over year, averaging $6.39 million.

Advanced Security Technologies Prove Smart for Business

The report highlights the growing divide in breach costs between businesses implementing advanced security technologies and those lagging behind, revealing a cost-saving difference of $3.58 million for studied companies with fully deployed security automation versus those that have yet to deploy this type of technology. The cost gap has grown by $2 million, from a difference of $1.55 million in 2018.

Companies in the study with fully deployed security automation also reported a significantly shorter response time to breaches, another key factor shown to reduce breach costs in the analysis. The report found that AI, machine learning, analytics and other forms of security automation enabled companies to respond to breaches over 27% faster on average, than companies that have yet to deploy security automation – the latter of which require on average 74 additional days to identify and contain a breach.

Incident response (IR) preparedness also continues to heavily influence the financial aftermath of a breach. According to the report, companies with neither an IR team nor testing of IR plans experience $5.29 million in average breach costs, whereas companies that have both an IR team and use tabletop exercises or simulations to test IR plans experience $2 million less in breach costs – reaffirming that preparedness and readiness yield a significant ROI in cybersecurity.

Some additional findings from this year’s report include:

About the Study

The annual Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by over 500 organizations worldwide taking place between August 2019 and April 2020, taking into account hundreds of cost factors including legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity.

To download a copy of the 2020 Cost of a Data Breach Report, please visit:

Sign up for the 2020 Cost of a Data Breach Report webinar on Wednesday, August 12, 2020 at 11:00 a.m. ET here:

About IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 70 billion security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check , follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

[1] Report analyzes data breaches occurring between August 2019 and April 2020. Limitations of the report’s methodology can be found in the report.
[2] The 2020 Cost of a Data Breach Report examines the cost of a mega breach, namely breaches involving the loss or theft of one million records or more, based on a separate analysis of a specific sample.
[3] According to the IBM 2020 X-Force Threat Intelligence Index:

Press Contact:
Georgia Prassinos
IBM Security Media Relations
(571) 365-6065
