Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost of a Data Breach study, sponsored by IBM Security


Published on

Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.

Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.

Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.

This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.

Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.

Published in: Technology
  • Cost of a Data Breach study, sponsored by IBM Security.
    Are you sure you want to  Yes  No
    Your message goes here

Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost of a Data Breach study, sponsored by IBM Security

  1. 1. Understanding Today’s Security Breaches: Ponemon Institute’s 2017 Cost of Data Breach Study BENCHMARK RESEARCH SPONSORED BY IBM SECURITY INDEPENDENTLY CONDUCTED BY PONEMON INSTITUTE JUNE 2017
  2. 2. 2 IBM Security Today’s speakers Larry Ponemon Chairman, Ponemon Institute Wendi Whitmore Global Lead, IBM X-Force IRIS
  3. 3. 3 IBM Security The 2017 Ponemon Cost of Data Breach Study covered 1,900 individuals across 419 companies in 13 countries or regions and 17 industries Countries/regionsIndustries Health, 1% Media, 1% Communications, 2% Life science, 4% Transportation, 5% Hospitality, 4% Energy, 5% Consumer,5% Public, 7% Retail, 8% Financial, 15% Industrial, 15% Services, 14% Technology, 12% Education, 1% Research, <1% Entertainment, <1% South Africa, 5% Italy, 6% Canada, 6% Middle East, 6% Australia, 6% Japan 7% France 8% Germany 8% Brazil, 9% India, 9% United Kingdom, 10% United States, 15% ASEAN, 5%
  4. 4. 4 IBM Security Understanding these terms will help you understand the report findings A mega-breach of more than 100,000 records is not considered typical. The cost data in this study cannot be used to calculate the financial impact of a mega-breach over 100,000 records. Data breach An event in which an individual’s name plus a medical record or financial record or debit card is potentially at risk Data record Information that identifies the natural person (individual) whose information has been lost or stolen in a data breach Incident For this study, a data breach involving between approximately 2,600 to slightly more than 100,000 compromised records Participants Organizations that experienced a data breach within the target incident range Benchmark research The unit of analysis is the organization; in a survey, the unit of analysis is the individual
  5. 5. 5 IBM Security What goes up should come down $3.40 $3.60 $3.80 $4.00 2014 2015 2016 2017 $135 $140 $145 $150 $155 $160 2014 2015 2016 2017 Global average cost per record in US dollars Global average cost per incident in millions of US dollars • The global average cost of a data breach is down over previous years • 48% of the per-record 11.4% decrease over last year is due to the US dollar exchange rate • The average size of a data breach increased 1.8% to 24,089 records $141 $3.62M $158 $154 $145 $4.00M $3.79M $3.50M – 11.4% – 10%
  6. 6. 6 IBM Security Costs and trends vary widely across countries in the study Canada $190/$4.31M US $225/$7.35M Brazil $79/$1.52M UK $123/$3.10M Germany $160/$3.68M France $146/$3.51M Italy $128/$2.80M South Africa $128/ $2.53M Australia $106 $1.92M Middle East $155/$4.94M India $64/$1.68M Japan $140/ $3.47M Currencies converted to US dollars; no comparison data for ASEAN ASEAN $112/$2.29M
  7. 7. 7 IBM Security Reductions in the cost of data breach measures helped reduce overall costs in some countries -15.00% -10.00% -5.00% 0.00% 5.00% 10.00% 15.00% AU BZ CA DE FR ID IT JP ME SA UK US Abnormal churn Size of data breach Average total cost Per record cost
  8. 8. 8 IBM Security $71 $101 $119 $123 $124 $131 $132 $137 $149 $150 $154 $165 $188 $200 $223 $245 $380 Public Sector Research Media Transportation Hospitality Entertainment Consumer Energy Industrial Communications Retail Technology Life science Education Services Financial Health The per-record cost of a data breach also varies widely by industry Currencies converted to US dollars Up 7% Up 10.9% Up 7.2% Down 18.7% Up 13.8% Down 3.6% Down 10.5% Down 8.5% Down 4.5% Down 7.4% Down 0.8% * Down 10.8% Down 4.7% Down 9.1% Down 9.8% Down11.3% *Comparative y-t-y data not available Percent change over 2016: Increase Decrease
  9. 9. 9 IBM Security The largest component of the total cost of a data breach is lost business Detection and escalation $0.99 million Notification $0.19 million Lost business cost $1.51 million Ex-post response $0.93 million Components of the $3.62 million cost per data breach $3.62 million Forensics, root cause determination, organizing incident response team, identifying victims Disclosure of data breach to victims and regulators Help desk, inbound communications, special investigations, remediation, legal expenditures, product discounts, identity protection service, regulatory interventions Abnormal turnover of customers, increased customer acquisition cost, reputation losses, diminished goodwill Currencies converted to US dollars
  10. 10. 10 IBM Security Gaining visibility and responding faster help to reduce costs Mean time to identify (MTTI) Mean time to contain (MTTC) (The time it takes to detect that an incident has occurred) (The time it takes to resolve a situation and ultimately restore service) Total cost, in millions Total cost, in millions Currencies converted to US dollars $2.80 $3.83 $3.23 $4.38 MTTI < 100 days MTTI > 100 days $2.83 $3.77 $3.18 $4.35 MTTC < 30 days MTTC > 30 days FY 2017 FY 2016
  11. 11. 11 IBM Security Hackers and criminal insiders continue to cause most data breaches Malicious or criminal attack 47% Human error 28% System glitch 25% $126per record to resolve $156per record to resolve $128per record to resolve Currencies converted to US dollars
  12. 12. 12 IBM Security The incidence of malicious attack varies considerably by country 59% 52% 50% 50% 48% 48% 48% 46% 44% 43% 41% 40% 40% 22% 24% 19% 23% 24% 24% 22% 34% 25% 29% 33% 25% 24% 19% 24% 31% 28% 28% 28% 30% 20% 31% 29% 26% 35% 36% Middle East United States France United Kingdom Japan Australia Canada Germany Brazil South Africa India ASEAN Italy Malicious or criminal attack System glitch Human error
  13. 13. 13 IBM Security Are you focusing on the right things? What are the odds of…. Winning the Powerball? Getting struck by lightning? Being in a car accident on a 1,000-mile trip? Dating a millionaire? 1 in 292,201,338 1 in 960,000 1 in 366 1 in 220
  14. 14. 14 IBM Security The odds are much greater that you will experience a data breach 15% 15% 17% 23% 24% 26% 26% 27% 32% 36% 39% 40% 41% Canada Germany Australia Italy Japan United Kingdom ASEAN United States Middle East France Brazil India South Africa Probability that an organization in the study will experience a data breach over two-year period 1 in 4 Experiencing a data breach? (Global average 28%)
  15. 15. 15 IBM Security What you can do to help reduce the cost of a data breach $2.90 $5.10 $5.20 $5.40 $5.70 $6.20 $6.80 $8.00 $10.90 $12.50 $16.10 $19.30 CPO appointed Board-level involvement CISO appointed Insurance protection Data classification Use of DLP Use of security analytics Participation in threat sharing Business Continuity Management involvement Employee training Extensive use of encryption Incident response team Amount by which the cost-per-record was lowered Currencies converted to US dollars Savings are higher than 2016 * No comparative data * * *
  16. 16. 16 IBM Security The study also found factors that increase the per-record cost ($2.00) ($2.70) ($5.50) ($7.60) ($8.80) ($11.20) ($14.13) ($16.90) Amount by which the cost-per-record was increased Currencies converted to US dollars Third party involvement Extensive cloud migration Compliance failures Extensive use of mobile platforms Lost or stolen devices Rush to notify Consultants engaged Provision of ID protection * * ($16.90) ($14.13) ($11.20) ($8.80) ($7.60) ($5.50) ($2.70) ($2.00) Additional costs are higher than 2016 No comparative data *
  17. 17. 17 IBM Security How organizations are spending their IT security budgets in relation to a breach Prevention 31% Detection 29% Containment 20% Remediation 20% IT SECURITY SPEND
  18. 18. 18 IBM Security Proven Incident Response thought leadership and expertise IBM X-Force Incident Response and Intelligence Services (IRIS) Led by the industry’s top luminaries Do you see what we see? WENDI WHITMORE Global Practice Leader KEVIN ALBANO Global Threat Intelligence Leader CHRISTOPHER SCOTT Global Remediation Leader CRAIG HEILMANN Global Delivery Leader Global response, remediation, intelligence, and team leadership Incident response, investigations, threat analysis Advanced threat research and information analysis Balancing network security with business processes Incident response, remediation, and security operations AHMED SALEH Global Incident Response Leader AREAS OF EXPERTISE
  19. 19. 19 IBM Security IBM Incident Response and Intelligence Services capabilities Built on best practice technologies and supported by industry-leading consulting and services expertise IBM X-Force IRIS INTELLIGENCE SERVICES IBM X-Force IRIS RESPONSE & PROACTIVE SERVICES IBM X-Force IRIS REMEDIATION SERVICES • Threat Intelligence Analysts • Intelligence Enablement Training • Operationalized Intelligence Package • Threat Assessment, Incident Response and Analysis, Retainers • IR / CIRT / CSIRT Program Development • Managed Detection and Response • Breach Remediation • Strategic Remediation and Implementation • Agile Incident Management
  20. 20. 20 IBM Security Breaking the attack chain with Incident Response GATHER Authorized system attempts to access resources BREAK-IN Remote employee triggers drive-by download LATCH-ON Internal system infected as part of a botnet EXPAND Targeted internal email sent to high-profile employees EXFILTRATE Persistent attackers quietly siphoning out data ATTACK CHAIN 1 2 3 4 5 PEOPLE • The right level of expertise to handle advanced attacks • Respond quickly and efficiently; onsite and / or remotely • Understand business process and security requirements • Focused on protecting a clients intellectual property PROCESS • Controlled standards-based incident response plans • Intelligence and malware analysis and reporting TECHNOLOGY • Endpoint event analysis in near real-time • Watson for Cybersecurity bringing cognitive solutions
  21. 21. 21 IBM Security Prevention: When prevention works • Agile incident management: ̶ Which levers will your organization need to pull in the event of a widespread breach? • Account privilege segregation • Privileged password “checkout” • Time-limited privileged access
  22. 22. 22 IBM Security Detection: Worth the investment? • Organization was undergoing active attack on a daily basis • Knew what tools the attacker was using, but was concerned there were areas of enterprise they weren’t seeing • Worked with organization to install an EDR solution • Identified attacker activity on hosts in real time
  23. 23. 23 IBM Security Containment • WannaCry ̶ Robust patching ̶ Offline backups ̶ Sensitive data segmented
  24. 24. 24 IBM Security Remediation • Shamoon v2 • Destructive malware in the environment • Recover data and get business running again as fast as possible • Prevent similar capability from causing disruption in the environment in the future
  25. 25. 25 IBM Security Key takeaways from this year’s study 1 Lost business is the biggest financial consequence of a data breach 6 Visibility across the incident life cycle is critical to identifying threats, prioritizing response and identifying data at risk Having the right skills, expertise and knowledge—from operations to the C- Suite—can impact an organization’s ability to reduce the cost of a data breach3 A proactive approach to incident response can significantly reduce cost and impact of a breach4 Investing in security technologies such as analytics, SIEM and encryption can help prevent breaches as well as reduce cost5 2 Breaches that occur during cloud implementations and involve mobile add complexity and cost
  26. 26. 26 IBM Security Organizations are making investments and seeing results, but there remains much room for improvement Global average percentage of companies that: Have a data security strategy Participate in threat intelligence sharing Deploy security intelligence systems including SIEM Deploy advanced identity and access management tools Extensively use encryption or cryptographic tools Outsource some or all of security opertions or infrastructure 41% 43% 52% 48% 59% 56%
  27. 27. 27 IBM Security Engage with the numbers Go to and register to receive the global study or a country-specific study Go to to learn how IBM Security Services can help in your journey to reduce impact of and exposure to a data breach Go to and see what the data breach numbers look like for you New this year! Data Breach Cost Calculator
  28. 28. 28 IBM Security Q & A
  29. 29. @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2017. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANYSYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. FOLLOW US ON: THANK YOU WGP03611USEN-00