Average SA data breach now costs nearly R50-million

IBM Security’s annual Cost of a Data Breach Report shows that the average data breach cost for South African organisations reached R49.5-million in 2023 – an all-time high.

This represents an 8% increase over the last three years and a 73% increase since South Africa was added to the report eight years ago.

According to the 2023 report, the financial sector experienced the highest average costs of data breaches of R73-million. The industrial and services sectors were second and third, with R71.4-million and R58.8-million, respectively.

Most cyberattacks were the result of stolen or compromised credentials and phishing scams, which constituted 14% of the initial attack vectors. Attacks through compromised business e-mails were second at 12%, and attacks due to cloud misconfiguration were third at 11%.

Globally, the study also found that 95% of the organisations studied, including those in South Africa, have experienced more than one breach. However, breached organisations were more likely to pass incident costs onto consumers than to increase security investments.

“South Africa is the financial centre and economic gateway to the rest of the continent. This knowledge is not exclusive to the business community; cyberattackers are aware of it, too, as the financial sector is the most targeted,” said IBM South Africa GM Ria Pinto.

Data breach

“Organisations should modernise their perimeter security strategies to enhance protection of their financial data by using zero-trust security solutions, underpinned by AI and automation, to increase their cyber resiliency, manage the risks and comply with strict data privacy policies such as the Protection of Personal Information Act,” Pinto said in a statement.

AI and automation had the biggest impact on speed of breach identification and containment for studied organisations. In South Africa, organisations with extensive use of both AI and automation experienced a data breach lifecycle that was 95 days shorter compared to organisations that did not deploy these technologies – but only 28% of organisations have extensively implemented security AI and automation.

“Time is the new currency in cybersecurity, both for the defenders and the attackers. As the report shows, early detection and fast response can significantly reduce the impact of a breach,” said Worldwide IBM Security Services GM Chris McCurdy.

“Security teams must focus on where adversaries are the most successful and concentrate their efforts on stopping them before they achieve their goals. Investments in threat detection and response approaches that accelerate defenders’ speed and efficiency – such as AI and automation – are crucial to shifting this balance.”  — © 2023 NewsCentral Media

Get TechCentral’s daily newsletter