Company data thefts, which have become “usual events” due to their frequency, have more consequences on the population than one might think, according to IBM.
Indeed, while data leaks can endanger customers’ personal information, as happened at Desjardins in 2019, they also often tend to drive up consumer bills.
IBM’s latest annual Cost of a Data Breach report, released last July, indicates that a single attack averages a total cost of $5.62 million worldwide ― and $7.29 million in Canada. Moreover, no less than 83% of the 550 international companies surveyed were not at their first breach.
60% of companies surveyed said they had to increase the price of their products or services to compensate for lost money.
IBM Canada Associate Cybersecurity and Digital Trust Associate Evan O’Regan calls it a “cybertax.” “Imagine a supply chain, from the moment the good is produced, and the company that takes care of the logistics, the transport. In this supply chain, there may be several companies that have been hacked, which contributes to the consumer cybertax. »
The financial loss can come from the cessation of commercial operations if, for example, an online sales site is temporarily disconnected, but also from the efforts to be made to detect and resolve the problem, to put the system back on its feet, to ensure that the same weakness cannot be used a second time and notify users.
IBM’s report also highlights the fact that it can take many months for a problem to be found and fixed. Indeed, it takes an average of 207 days to determine a data breach, and another 70 days to contain it.
On this aspect, “Canada is doing relatively well,” commented Mr. O’Regan. Indeed, the Canadian average to detect and respond to a breach is 208 days, compared to 277 for the global average.
Still, there are ways to protect yourself to reduce the frequency and cost of leaks, O’Regan said, lamenting that “companies see their IT security department as an expense to be reduced rather than an investment.” .
He advocates an approach dubbed “zero trust.” “A traditional approach is like a castle,” he said. You have walls, moats, because you expect danger to come from outside. But the reality is that today it must be taken for granted that these defenses have already been penetrated. »
The massive deployment of telework during the pandemic has caused its share of IT weaknesses, increasing the risk of breaches as well as the average cost of these. But Mr. O’Regan pleaded that in practice, it “is neither difficult nor complicated to protect oneself well”, but that one must “be sure to give workers the tools and the training” necessary.
According to the report, the use of artificial intelligence can, in turn, reduce costs by almost half.
The 2022 report is the 17e to be published by IBM. The research was conducted by the Ponemon Institute, which analyzed breaches that occurred at 550 companies across 17 countries or regions between March 2021 and March 2022.