IBM Security has released the annual Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the average cost of a data breach in South Africa reaching an all-time high of R49,25-million for surveyed organisations.

With breach costs increasing nearly 20% over the last two years of the report, the findings suggest that security incidents became more costly and harder to contain compared to the year prior.

The 2022 report revealed that the average time to detect and contain a data breach was at its highest in seven years for organisations in South Africa – taking 247 days (187 to detect, 60 to contain). Companies that contained a breach in under 200 days were revealed to save almost R12-million – while breaches cost organisations R2 650 per lost or stolen record on average.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022. The research, which was sponsored and analysed by IBM Security, was conducted by the Ponemon Institute.

“As this year’s report reveals – organisations must adopt the right strategies coupled with the right technologies can help make all the difference when they are attacked. Businesses today need to continuously look into solutions that reduce complexity and speed up response to cyber threats across the hybrid cloud environment – minimising the impact of attacks,” says Ria Pinto, GM and technology leader at IBM South Africa.

Some of the key findings in the 2022 IBM report include:

* Security Immaturity in Clouds – Organisations studied which had mature security across their cloud environments, the costs of a breach were observed to be R4-million lower than those that were in the midstage and applied many practices across their organisation.

* Incident Response Testing is a Multi-Million Rand Cost Saver – Organisations with an Incident Response (IR) team saved over R3,4-million, while those that extensively tested their IR plan lowered the cost of a breach by over R2,6-million, the study revealed. The study also found that organisations which deployed security AI or analytics incurred over R2-million less on average in breach costs compared to studied organisations that have not deployed either technology- making them the top mitigating factors shown to reduce the cost of a breach.

* Cloud Misconfiguration, Malicious Insider Attacks and Stolen Credentials are Costliest Breach Causes – Cloud misconfiguration reigned as the costliest cause of a breach (R58,6-million), malicious insider attacks came in second (R55-million) and the stolen credentials came in third, leading to R53-million in average breach costs for responding organisations.

* Financial Services organisations experienced the Highest Breach Costs – Financial participants saw the costliest breaches amongst industries with average breach costs reaching a high of R4,9-million per record. This was followed by the industrial sector with losses per record reaching R4,7-million.

Hybrid Cloud Advantage

Globally, the report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organisations studied. Global findings revealed that organisations that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.

The report highlights that 45% of studied breaches globally occurred in the cloud, emphasising the importance of cloud security.

South African businesses studied that had not started to deploy zero trust security practices across their cloud environments suffered losses averaging R56-million. Those in the mature stages of deployment decreased this cost significantly – recording R20-million savings as their total cost of a data breach was found to be R36-million.

The study revealed that more businesses are implementing security practices to protect their cloud environments, lowering breach costs with 44% of reporting organisations stating their zero-trust deployment is in the mature stage and another 42% revealing they are in the midstage.