Ponemon Institute's 2018 Cost of a Data Breach Study


Ponemon Institute's 2018 Cost of a Data Breach Study
September 18, 2018
IBM Security

Speakers
Deborah Snyder, CISO, State of New York
Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute
Megan Powell, Product Marketing Manager, IBM Security

What is the TRUE cost of a data breach?
Benchmark research sponsored by IBM Security, independently conducted by Ponemon Institute, July 2018

The 2018 Cost of a Data Breach: Demographics
2,200+ interviews; 477 companies; 15 countries or regions; 17 industries
Industries: Health, 1%; Media, 1%; Hospitality, 2%; Pharmaceuticals, 3%; Energy, 3%; Communications, 4%; Consumer, 5%; Transportation, 5%; Public, 7%; Retail, 7%; Education, 1%; Research, <1%; Entertainment, <1%; Technology, 13%; Financial, 16%; Services, 15%; Industrial, 14%
Countries/regions: South Africa, 4%; South Korea, 5%; Italy, 5%; Australia, 5%; Canada, 6%; ASEAN, 4%; Middle East, 6%; Japan, 6%; Turkey, 4%; France, 8%; United States, 14%; Brazil, 8%; Germany, 7%; United Kingdom, 9%; India, 9%

Are you focusing on the right things?
What are the odds of...
Winning the Powerball? 1 in 292,201,338
Getting struck by lightning? 1 in 1,083,000
Finding a pearl in an oyster? 1 in 12,000
Getting an IRS audit? 1 in 160

The odds are much greater that you will experience a data breach
Experiencing a data breach? 1 in 4
Probability that an organization in the study will experience a data breach over a two-year period (global average 28%):
Brazil 43%; South Africa 41%; France 35%; India 35%; MEA 33%; Turkey 30%; United Kingdom 27%; United States 27%; ASEAN 27%; Italy 25%; South Korea 25%; Japan 22%; Canada 18%; Australia 17%; Germany 14%

Global findings at a glance
Average total cost of data breach: $3.86M (6.4%)
Average cost per record lost or stolen: $148 (4.8%)
Average number of breached records: 24,615 (2.2%)
Likelihood of a recurring material breach over two years: 27.9%
419 companies participated. Currency: US dollar.
Per-record costs for top three industries: Health $408; Financial $206; Services $181

Costs and trends vary widely across countries in the study
Canada $202/$4.74M; UK $148/$3.68M; US $225/$7.91M; Middle East $163/$5.31M; Germany $188/$4.67M; France $169/$4.27M; Italy $152/$3.43M; Turkey $105/$2.16M; India $68/$1.77M; S. Korea $139/$2.88M; Japan $135/$3.38M; Brazil $67/$1.24M; ASEAN $125/$2.53M; South Africa $142/$2.90M; Australia $108/$1.99M
Currencies converted to US dollars; no comparison data for Turkey & S. Korea

United States at a glance
Average total cost of data breach: $7.91M (7%)
Average cost per record lost or stolen: $233 (3%)
Average number of breached records: 31,465
Average cost of lost business: $4.20M
15 years in the study. 65 companies participated. Currency: US dollar.
Industries with the highest abnormal churn rate: Financial 7.5%; Health 6.7%; Pharmaceuticals 6.3%

The largest component of the total cost of a data breach is lost business
Components of the $3.86 million cost per data breach:
Lost business cost, $1.45 million: abnormal turnover of customers, increased customer acquisition cost, reputation losses, diminished goodwill
Detection and escalation, $1.23 million: forensics, root cause determination, organizing incident response team, assessment and audit services
Post-breach response, $1.02 million: help desk, inbound communications, special investigations, remediation, legal expenditures, product discounts, identity protection service, regulatory interventions
Notification, $0.16 million: disclosure of data breach to victims and regulators
Currencies converted to US dollars

Public Sector Organizations at a Glance
32 public sector organizations (6.7% of the total benchmark sample)
Per capita cost for public sector organizations is $75 per compromised record
Total average cost for public sector organizations is $2.3 million
Top factors that decrease breach cost for public sector organizations: extensive use of encryption; formation of an IR team; employee training
Top factors that increase breach cost for public sector organizations: 3rd party involvement in the breach; compliance failure; extensive cloud migration
Mean time to identify the breach is 190 days
Mean time to contain the breach is 57 days

Hackers and criminal insiders continue to cause most data breaches
Malicious or criminal attack: 48%, $157 per record to resolve
Human error: 27%, $128 per record to resolve
System glitch: 25%, $131 per record to resolve
Currencies converted to US dollars

Gaining visibility and responding faster help to reduce costs
Mean time to identify (MTTI): the time it takes to detect that an incident has occurred
Mean time to contain (MTTC): the time it takes to resolve a situation and ultimately restore service
[Charts: total cost, in millions, FY 2018 and FY 2017, for MTTI < 100 days versus MTTI > 100 days, and for MTTC < 30 days versus MTTC > 30 days. Values shown: $4.21, $3.83, $4.25, $3.77, $3.11, $2.80, $3.09, $2.83.]
Currencies converted to US dollars

New this year: The impact of security automation

The current state of security automation: our findings
Current state of security automation [chart categories: fully deployed, partially deployed, plan to deploy within 24 months, not deployed; values shown: 34%, 38%, 15%, 13%]
Cost impacts by level of deployment (average total cost, in millions): fully deployed $2.88; partially deployed $3.39; not deployed $4.43
Currencies converted to US dollars

What you can do to help reduce the cost of a data breach
Amount by which the cost-per-record was lowered
[Chart factors: incident response team; extensive use of encryption; BCM involvement; employee training; participation in threat sharing; artificial intelligence platform; use of security analytics; extensive use of DLP; board-level involvement; CISO appointed; data classification; insurance protection; CPO appointed. Values shown: $1.80, $9.30, $9.30, $8.70, $8.20, $6.90, $6.80, $6.50, $6.50, $5.10, $4.80, $14.00, $13.10.]
Chart legend: savings are higher than 2017; no comparable data
Currencies converted to US dollars

Also new this year: The mega breach

The average total cost of a mega breach

Key takeaways from this year's study
Lost business is the biggest financial consequence of a data breach
A proactive approach to incident response can significantly reduce cost and impact of a breach
Disruptive technologies like cloud and mobile add complexity and cost
Having the right skills, expertise and knowledge from operations to the C-Suite can impact an organization's ability to reduce the cost of a data breach
Investing in security technologies such as analytics, SIEM and encryption can help prevent breaches as well as reduce cost across the incident life cycle
Visibility is critical to identifying threats, prioritizing response and identifying data at risk

Engage with the numbers
New this year! Security Self Assessment
Go to ibm.com/security/data-breach and register to download the report, see what the data breach numbers look like for you in the calculator, and take a security posture self-assessment
Go to ibm.com/security/services to learn how IBM Security Services can help in your journey to reduce impact of and exposure to a data breach

THANK YOU
FOLLOW US ON: ibm.com/security; securityintelligence.com; xforce.ibmcloud.com; @ibmsecurity; youtube/user/ibmsecuritysolutions
Copyright IBM Corporation 2017. All rights reserved.

Questions

Contact Information
Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute, Larry@Ponemon.org
Amy Glasscock, Senior Policy Analyst, NASCIO, aglasscock@nascio.org
Megan Powell, Product Marketing Manager, IBM Security, megan.powell@ibm.com, linkedin.com/in/meganmitchellpowell/
Meredith Ward, Senior Policy Analyst, NASCIO, mward@nascio.org
