Data breaches now cost SA firms 15% more per incident
Data breaches now cost South African companies $3 million (R46 million) per incident on average − the highest cost in six years.
This is according to the 2021 Cost of a Data Breach Report conducted by IBM Security and Ponemon Institute, based on in-depth analysis of real-world data breaches experienced by organisations in SA.
The report takes into account the cost factors involved in data breach incidents, from legal, regulatory and technical activities, to loss of brand equity, customers and employee productivity.
It found that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising by 15% for South African organisations, compared to the prior year.
According to the report, businesses were forced to quickly adapt their technology approach last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic.
The findings from IBM suggest that security may have lagged behind as a result of the pandemic, hindering organisations’ ability to respond to data breaches. The average time to detect and contain a data breach was at its highest in six years for organisations in SA – taking 237 days (184 days to detect, 53 days to contain).
Companies that contained a breach in under 200 days were found to save almost R7 million, while it cost organisations R2 300 per lost or stolen record on average.
“Organisations in SA are faced with a growing remote workforce, which results in sensitive data moving across less controlled environments, making it more vulnerable to a data breach,” says Sheldon Hand, business unit leader: data, AI, automation and security at IBM Southern Africa.
“This increases the need to safeguard sensitive data at rest and in transit. Organisations need to double-down on protecting their most valuable data – whether it’s customer, employee or company information – and ensure they have advanced security processes, like automation and formal incident response teams, in place.”
The study found data breaches in the financial, industrial and services industries were most expensive by industry – costing R1 548 per record.
While certain IT shifts during the pandemic increased data breach costs, organisations that said they did not implement any digital transformation projects in order to modernise their business operations during the pandemic actually incurred higher data breach costs.
The cost of a breach was $660 000 higher than average at organisations that had not undergone any digital transformation due to COVID-19, in comparison to those at a mature stage, notes the report.
South African organisations with a mature zero trust strategy had an average data breach cost of $1.9 million, which was $1.6 million lower than those that had not deployed this approach at all.
“Investments in incident response teams and plans also reduced data breach costs amongst those studied. Companies with an incident response team that also tested their incident response plan managed to save $198 000 in the case of a data breach, while those that had put an incident response team in place, cut the average cost by $178 000,” according to the report.