IBM: Stolen employee credentials lead to most expensive data breaches

Respondents to IBM's Cost of a Data Breach Report place blame with CISOs

IBM logo

Stolen or compromised credentials and cloud misconfigurations were the most common causes of malicious data breach in 2019, according to a report from IBM.  

Businesses that were attacked through compromised credentials in 2019 saw nearly £1 million worth of higher remedial costs, according to the tech giant's annual 'Cost of a Data Breach Report'.

The figures are based on an in-depth analysis of real-world data breaches suffered by over 500 organisations worldwide. Compromised credentials and cloud misconfigurations were the most common causes of data breach, representing nearly 40% of malicious incidents. 

Over 8.5 billion records were exposed in 2019, with attackers using previously exposed email addresses and passwords in one out of five breaches studied by IBM.

Similarly, many of the companies included in the reported struggled with security complexity, which has proved to be expensive after data breaches. This is also contributing to cloud misconfigurations becoming a growing security challenge, the report suggested.

Attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average, which makes it the third most expensive initial infection type examined in the report.

Some 46% of respondents laid the blame for data breaches at the door of the CISO, suggesting they ultimately had responsibility, despite only 27% stating that the CISO was the security policy and technology decision-maker of their respective companies.

The report contradicted that slightly, finding that CISO appointments usually resulted in a $145,000 cost savings versus the average cost of a breach.

Related Resource

A simple guide to the dark web

Why the continued rise of the dark web is a threat to corporate data and why businesses need to take action

Download now

State-sponsored attacks represented just 13% of malicious breaches studied, according to the report, but these were the most damaging type of attack. It suggested that the highly tactical nature, longevity and stealth manoeuvres of state-backed attacks, as well as the high-value data targeted, often resulted in a more extensive compromise of victim environments, increasing breach costs to an average of $4.43 million.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

Why you should prioritise privileged access management
Sponsored

Why you should prioritise privileged access management

9 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020