IBM: Stolen employee credentials lead to most expensive data breaches

Stolen or compromised credentials and cloud misconfigurations were the most common causes of malicious data breach in 2019, according to a report from IBM.  

Businesses that were attacked through compromised credentials in 2019 saw nearly £1 million worth of higher remedial costs, according to the tech giant's annual 'Cost of a Data Breach Report'.

The figures are based on an in-depth analysis of real-world data breaches suffered by over 500 organisations worldwide. Compromised credentials and cloud misconfigurations were the most common causes of data breach, representing nearly 40% of malicious incidents. 

Over 8.5 billion records were exposed in 2019, with attackers using previously exposed email addresses and passwords in one out of five breaches studied by IBM.

Similarly, many of the companies included in the reported struggled with security complexity, which has proved to be expensive after data breaches. This is also contributing to cloud misconfigurations becoming a growing security challenge, the report suggested.

Attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average, which makes it the third most expensive initial infection type examined in the report.

Some 46% of respondents laid the blame for data breaches at the door of the CISO, suggesting they ultimately had responsibility, despite only 27% stating that the CISO was the security policy and technology decision-maker of their respective companies.

The report contradicted that slightly, finding that CISO appointments usually resulted in a $145,000 cost savings versus the average cost of a breach.

State-sponsored attacks represented just 13% of malicious breaches studied, according to the report, but these were the most damaging type of attack. It suggested that the highly tactical nature, longevity and stealth manoeuvres of state-backed attacks, as well as the high-value data targeted, often resulted in a more extensive compromise of victim environments, increasing breach costs to an average of $4.43 million.