At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Phishing-Based Data Breaches Take 295 Days to Contain and Breach Costs Soar to $4.91 Million

    Fresh data on data breach costs from IBM show phishing, business email compromise, and stolen credentials take the longest to identify and contain.

    There are tangible repercussions of allowing your organization to succumb to a data breach that starts with phishing, social engineering, business email compromise, or stolen credentials – according to IBM’s just-released 2022 Cost of a Data Breach report.

    Phishing and social engineering go hand-in-hand, with business email compromise and stolen credentials being outcomes of attacks, used as launch points for further malicious actions.

    According to the IBM report, the average cost of a data breach in 2022 is $4.35 million, with an average of 277 days to identify the breach and contain it. That’s actually the good news. Why you ask? Because when you factor in the initial attack vector, it gets worse.

    According to IBM, the following are the average data breach costs based on the initial attack vector:

    • Phishing – $4.91 million
    • Business Email Compromise – $4.89 million
    • Stolen Credentials – $4.50 million
    • Social Engineering – $4.10 million

    Why so much? A lot of it has to do with how long threat actors act undetected as they move laterally within your environment, gain access to credentials and data, and exfiltrate your valuable data.

    According to the report, the longest times revolve around attacks that involve your users:

    7-19-22 Image

    Source: IBM

    With the average number of days to detection and containment being 277, it’s evident that stolen credentials, phishing, and business email compromise (the attack vectors your users play a role in!) push those “rookie numbers” up, giving attackers an additional 1-2 month’s time to continue their malicious activities.

    Additional takeaways

    • Employee security awareness training can cover 49% of the breach types
    • Employee training saves USD $247K cost in terms of data breach impact cost (Page 20)
    • Breaches in the public cloud were costliest for the organizations that don’t invest in employee training and expect public cloud providers to take care of breaches.

    We already know that phishing and BEC attacks focus on either stealing credentials or infecting endpoints, putting the user receiving the malicious email, phone call, text, etc. squarely in the middle of the discussion that results in these massive data breach costs.

    Users need to play a role in your security strategy to help mitigate the risk of successful attacks through continual Security Awareness Training that teaches them how to identify suspicious content in email and on the web, helping to avoid any interaction that would result in a data breach.

    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top