The size and cost of data breaches in Australia are increasing and organisations are getting worse at dealing with them, according to new research from IBM and the Ponemon Institute.
The amount of incidents are likely increasing too, although it is hard to confirm because up until last year, most Australian organisations were not required to report data breaches.
On average, the cost of a breach in Australia is now $US 2.13 million, up from $US 1.99 million in 2018, and includes 19,800 data records, according to the IBM research. Australian organisations take an average of 200 days to identify a breach and another 81 days to contain them, both longer periods than a year ago.
IBM partnered with the Ponemon Institute, an independent research organisation, to conduct its annual study of the financial impact of data breaches, analysing over 500 companies which had experienced a breach.
The latest study, released this month, showed the average cost of a data breach globally has risen 12 per cent over the past five years and now costs $US 3.9 million on average. The figure is a calculation of the multiyear financial impact of breaches, increased regulation and the complex process of resolving criminal attacks.
While the size, total cost and per record cost have increased in Australia, “abnormal customer turnover” actually decreased, year on year, making it one of the few countries globally to have improved. However, breaches are still increasing abnormal customer turnover in Australia by 2.8 per cent, according to the study.
Globally, the likelihood of a data breach has been steadily increasing over the last five years.
The IBM study did not break out the amount of breaches in Australia, however since the introduction of mandated breach reporting in Australia in 2017 there has been a surge in reporting — up 712 per cent on reports under the scheme.
“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services.
“With organisations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs.”
The IBM study found costs of breaches could be significantly reduced with automated security technologies and extensive use of encryption.