IBM: Stolen employee credentials lead to most expensive data breaches

Respondents to IBM's Cost of a Data Breach Report place blame with CISOs

IBM logo

Stolen or compromised credentials and cloud misconfigurations were the most common causes of malicious data breach in 2019, according to a report from IBM.  

Businesses that were attacked through compromised credentials in 2019 saw nearly £1 million worth of higher remedial costs, according to the tech giant's annual 'Cost of a Data Breach Report'.

The figures are based on an in-depth analysis of real-world data breaches suffered by over 500 organisations worldwide. Compromised credentials and cloud misconfigurations were the most common causes of data breach, representing nearly 40% of malicious incidents. 

Over 8.5 billion records were exposed in 2019, with attackers using previously exposed email addresses and passwords in one out of five breaches studied by IBM.

Similarly, many of the companies included in the reported struggled with security complexity, which has proved to be expensive after data breaches. This is also contributing to cloud misconfigurations becoming a growing security challenge, the report suggested.

Attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average, which makes it the third most expensive initial infection type examined in the report.

Some 46% of respondents laid the blame for data breaches at the door of the CISO, suggesting they ultimately had responsibility, despite only 27% stating that the CISO was the security policy and technology decision-maker of their respective companies.

The report contradicted that slightly, finding that CISO appointments usually resulted in a $145,000 cost savings versus the average cost of a breach.

Related Resource

A simple guide to the dark web

Why the continued rise of the dark web is a threat to corporate data and why businesses need to take action

Download now

State-sponsored attacks represented just 13% of malicious breaches studied, according to the report, but these were the most damaging type of attack. It suggested that the highly tactical nature, longevity and stealth manoeuvres of state-backed attacks, as well as the high-value data targeted, often resulted in a more extensive compromise of victim environments, increasing breach costs to an average of $4.43 million.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021