IBM: Stolen employee credentials lead to most expensive data breaches

Respondents to IBM's Cost of a Data Breach Report place blame with CISOs

IBM logo

Stolen or compromised credentials and cloud misconfigurations were the most common causes of malicious data breach in 2019, according to a report from IBM.  

Businesses that were attacked through compromised credentials in 2019 saw nearly £1 million worth of higher remedial costs, according to the tech giant's annual 'Cost of a Data Breach Report'.

The figures are based on an in-depth analysis of real-world data breaches suffered by over 500 organisations worldwide. Compromised credentials and cloud misconfigurations were the most common causes of data breach, representing nearly 40% of malicious incidents. 

Over 8.5 billion records were exposed in 2019, with attackers using previously exposed email addresses and passwords in one out of five breaches studied by IBM.

Similarly, many of the companies included in the reported struggled with security complexity, which has proved to be expensive after data breaches. This is also contributing to cloud misconfigurations becoming a growing security challenge, the report suggested.

Attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average, which makes it the third most expensive initial infection type examined in the report.

Some 46% of respondents laid the blame for data breaches at the door of the CISO, suggesting they ultimately had responsibility, despite only 27% stating that the CISO was the security policy and technology decision-maker of their respective companies.

The report contradicted that slightly, finding that CISO appointments usually resulted in a $145,000 cost savings versus the average cost of a breach.

Related Resource

A simple guide to the dark web

Why the continued rise of the dark web is a threat to corporate data and why businesses need to take action

Download now

State-sponsored attacks represented just 13% of malicious breaches studied, according to the report, but these were the most damaging type of attack. It suggested that the highly tactical nature, longevity and stealth manoeuvres of state-backed attacks, as well as the high-value data targeted, often resulted in a more extensive compromise of victim environments, increasing breach costs to an average of $4.43 million.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
Hackers are actively exploiting three Apple iOS flaws

Hackers are actively exploiting three Apple iOS flaws

27 Jan 2021
16 ways to speed up your laptop

16 ways to speed up your laptop

26 Jan 2021