(Montreal) Thefts of company data, which have become a “habitual occurrence” because of their frequency, have more consequences for the population than one would think, according to IBM.
Indeed, while data leaks can endanger customers’ personal information, as happened to Desjardins in 2019, they also often tend to drive up consumer bills.
IBM’s latest annual Cost of a Data Breach report, released last July, shows that a single attack results in an average total cost of $5.62 million worldwide, and $7.29 million in Canada. Moreover, no fewer than 83% of the 550 international companies surveyed were not experiencing their first breach.
60% of companies surveyed said they had to raise the price of their products or services to compensate for lost money.
Evan O’Regan, Cybersecurity and Digital Trust Associate at IBM Canada, calls it a “cybertax.”
“Imagine a supply chain, from the moment the good is produced, the company that takes care of the logistics, the transport. In this supply chain, there may be several companies that have been hacked, which contributes to the consumer cybertax.”
The monetary loss can come from the interruption of commercial operations (if, for example, an online sales site is temporarily taken offline), but also from the effort needed to detect and resolve the problem, restore the system, ensure that the same weakness cannot be exploited a second time, and notify users.
IBM’s report also highlights the fact that many months can pass before a problem is found and fixed. Indeed, it takes an average of 207 days to identify a data leak, and another 70 days to contain it.
On this aspect, “Canada is doing relatively well,” commented Mr. O’Regan. Indeed, the Canadian average to detect and respond to a breach is 208 days, compared to 277 for the global average.
Build a castle
Still, there are ways for companies to protect themselves and reduce the frequency and cost of leaks, O’Regan said, lamenting that “companies see their IT security department as an expense to be reduced rather than an investment.”
He advocates an approach dubbed “zero trust.”
“A traditional approach is like a castle,” he said. “You have walls, moats, because you expect danger to come from outside. But the reality is that today it must be taken for granted that these defenses have already been penetrated.”
He therefore advises companies to have a robust identity and access management policy, for example by having safeguards in place against hackers who have managed to take control of an employee account.
The massive shift to teleworking during the pandemic has brought its share of IT weaknesses, increasing both the risk of breaches and their average cost. Mr. O’Regan argued, however, that the practice “isn’t difficult or complicated to protect well”, though one must “be sure to give workers the tools and training” necessary.
According to the report, the use of artificial intelligence can, in turn, cut costs almost in half.
The 2022 report is the 17th to be published by IBM. The research was conducted by the Ponemon Institute, which analyzed breaches that occurred at 550 companies across 17 countries or regions between March 2021 and March 2022.