
What’s in a Breach? How to Minimise Incidents and Costs

As elsewhere, data breach costs in the UK continue to rise. The latest (19th) edition of the IBM Cost of a Data Breach report puts the figure at $4.5m (£3.6m) per breach in the UK, a 5% year-on-year (YoY) increase. By contrast, the global figure spiked 10% annually to hit almost $4.9m (£3.8m). Yet, although we’re doing slightly better than the global average, this is no time for complacency. Organisations should be doing as much as they can to minimise both incidents and costs.

Fortunately, the report has a wealth of data to help guide your cybersecurity strategy.

Key Findings From the UK

The UK breakdown contains some interesting stats. Nearly two-fifths (38%) of breaches studied involve data stored across multiple cloud and on-premises environments. They take the longest to identify and contain (258 days) despite coming in just under the average cost (£3.5m). Given that most organisations today run hybrid and multi-cloud environments, visibility and control of these systems are increasingly critical.

Perhaps the most useful insight in the report is around the key factors increasing and decreasing breach costs.

The top three factors amplifying breach costs for UK organisations are:

  • Non-compliance with regulations (which added an average of £287,000 per breach)
  • IoT/OT environment breached or impacted (£246,000)
  • Supply chain breaches (£241,000)

We know from the ISMS.online State of Information Security Report 2024 that a fifth of UK organisations have experienced IoT device breaches (20%) and supply chain breaches (18%) over the past year. The same report found that the average regulatory fine impacting businesses increased by 3.5% annually to £258,000. In fact, 70% of organisations received breach fines in excess of £100,000 in the past year. Finding best-practice ways to mitigate IoT, supply chain and regulatory risk should, therefore, be a priority.

Other factors that could ramp up breach costs include:

  • Stolen/compromised credentials. This was the most common attack vector, accounting for 15% of breaches studied by IBM and costing nearly £4.3m per breach
  • Phishing. This accounted for the second-largest share of breaches (12%) and £3.6m in average costs. It was also the top cybersecurity incident experienced in the past 12 months, according to ISMS.online (39%)
  • Business email compromise (11% and £4m)
  • Malicious insiders (10% and £4.4m)

However, all is not lost. The study also finds that AI and automation deployment is on the rise and could have a significant positive impact on breach costs. Some 71% of UK organisations claim to be deploying these tools across their security operations centre (SOC), up 13% annually and more than the global average (66%). The figure is also significantly higher than the share (26%) of respondents that ISMS.online says are adopting new tech like AI and machine learning (ML) for security – although these also included respondents from the US and Australia.

Still, IBM claims that doing so can accelerate incident detection and containment by 106 days. It’s perhaps not surprising, therefore, that three-quarters (76%) of security professionals ISMS.online asked in the US, UK, and Australia believe AI and ML technology is improving information security. They’re right to think so; generative AI assistant tools can help to close SOC analyst skills gaps by summarising complex information, suggesting next steps, and even assisting with threat-hunting queries. And other AI algorithms can be set to work filtering out alert noise to help with triaging and prioritisation, ultimately boosting analyst productivity.

According to IBM, breached UK firms found costs were £1.1m lower when such tools were deployed.

The Global Picture

At a global level, IBM claims that over half of organisations have “severe” or “high-level” security staff shortages, driving up costs by an average of $1.8m. ISMS.online data reveals that almost a third (31%) of firms believe security skills shortages are a top challenge. However, there are also some more positive findings.

Globally, average data breach lifecycles hit a seven-year low of 258 days – down from 277. Although it’s still taking too long to identify and contain incidents, the figure is moving in the right direction. Further, 42% of breaches are now detected by internal corporate teams, up from 33% last year. This saved nearly $1m per breach versus an incident disclosed by an attacker – who might already have encrypted the network with ransomware, for example.

On that note, there’s also sage advice for legal and business executives. Those engaging with law enforcement save nearly $1m on average, not including the ransom. Law enforcers often have access to decryption keys and other intelligence that can be used to mitigate breach risk and recover extorted funds.

Other Ways to Reduce Breach Costs

Globally, employee training ($258,629) and AI and ML insights ($258,538) are the top two factors leading to reduced breach costs. As long as they’re implemented as part of a holistic, process-driven, best-practice approach to cyber-risk management, they seem to be two obvious first steps to help mitigate the financial damage resulting from data breaches.

SandboxAQ CISO Chris Bates says both AI and automation can add value for SOC analysts.

“AI is being used in the SOC to speed up response and to provide better context so responders can act quicker. It is also being used to do advanced detections across many different data and log sources,” he tells ISMS.online.

“Automation is key for any SOC; it allows analysts to run response playbooks at a click or command, which are standard, repeatable, and fast. Further automation can be used to QA or test custom rules that the SOC analysts create, to verify they are still working on an ongoing basis.”

Beyond this, organisations should consider best practice frameworks and standards like ISO 27001, SOC2 and NIST CSF, according to Akhil Mittal, senior security consulting manager at the Synopsys Software Integrity Group.

“These frameworks are more than just checkboxes; they’re practical guides for building strong cybersecurity practices. By following these standards, organisations can create a culture where security is everyone’s responsibility. This means implementing proven best practices and setting up processes that significantly lower the risk and impact of breaches,” he tells ISMS.online.

“When everyone understands their role in protecting sensitive information, the organisation becomes more resilient to threats. It’s about being proactive rather than reactive, which can lead to substantial cost savings in the long run.”
