Half of enterprises suffer breaches despite heavy security investments

Data breaches have become an increasingly severe threat, with recent reports highlighting a surge in their frequency and cost. Understanding the latest trends and statistics surrounding data breaches is essential for developing effective strategies to safeguard sensitive information. This article provides an overview of the current state of data breaches, examining key statistics and emerging patterns.

Average data breach cost jumps to $4.88 million, collateral damage increased

IBM | Cost of a Data Breach Report | July 2024

• Breach costs increased 10% from the prior year, the largest yearly jump since the pandemic, as 70% of breached organizations reported that the breach caused significant or very significant disruption.
• 40% of breaches involved data stored across multiple environments including public cloud, private cloud, and on-prem. These breaches cost more than $5 million on average and took the longest to identify and contain (283 days).
• 42% of breaches were detected by an organization’s own security team or tools compared to 33% the prior year.

47% of corporate data stored in the cloud is sensitive

Thales | 2024 Thales Cloud Security Study | July 2024

• 44% of organizations have experienced a cloud data breach with 14% reported having an incident in the last 12 months.
• Human error and misconfiguration continued to lead the top root cause of these breaches (31%), followed by exploiting known vulnerabilities (28%), and failure to use multi-factor authentication (17%).

Only 13% of organizations are cyber mature

Commvault | 2024 Cyber Recovery Readiness Report | July 2024

• A staggering 83% of organizations have suffered a material security breach recently, with over half occurring in the past year alone, underscoring the critical need for advanced preparedness and agile response strategies.
• 54% of cyber mature organizations were completely confident in their ability to recover from a breach, compared to only 33% of less prepared organizations.

1 out of 3 breaches go undetected

Gigamon | 2024 Hybrid Cloud Security Report | June 2024

• As hybrid cloud environments grow in complexity and bad actors launch a barrage of unseen attacks, 65% of respondents believe that their existing solutions cannot effectively detect breaches.
• 31% of organizations only detected a recent breach when they received an extortion threat from the adversary.

Ransomware fallout: 94% experience downtime, 40% face work stoppage

Arctic Wolf | 2024 Arctic Wolf Trends Report | May 2024

• Within the last 12 months, 48% of organizations identified evidence of a successful breach within their environment.
• 66% of organizations that suffered a data breach in the last year chose to publicly disclose information regarding their incidents, while 30% only disclosed their breaches to impacted parties.

2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element

Verizon | 2024 Data Breach Investigations Report | May 2024

• 68% of breaches, whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack.
• 32% of all breaches involved some type of extortion technique, including ransomware.

51% of enterprises experienced a breach despite large security stacks

Pentera | The State of Pentesting 2024 | April 2024

• 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result.
• On average, enterprises already have 53 security solutions in use across their organization, however, despite large security stacks, 51% of enterprises reported a breach over the past 24 months.

98% of businesses linked to breached third parties

SecurityScorecard | Close Encounters of the Third (and Fourth) Party Kind | March 2024

• 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services.
• The three most widely exploited vulnerabilities (MOVEit, CitrixBleed, and Proself) were involved in 77% of all third-party breaches involving a specified vulnerability.
• Healthcare and financial services emerged as the sectors most heavily impacted by third-party breaches, with healthcare accounting for 35% of total breaches and financial services accounting for 16%.