© 2020 Content Security Pty Ltd.

Cost of a data breach

Quiz: Cost of a data breach hits record high with unprecedented pressures in 2021

IBM recently released their annual Cost of a Data Breach Report for 2021. According to the report, there’s been a massive increase in the overall cost of security incidents, with unprecedented pressures such as remote work, widespread transitions into the cloud, and adopting AI, automation and zero trust heavily impacting security.

 

Of all the findings, the increase in the total cost of a breach is perhaps the most worrying: the jump from $3.86m to $4.24m USD is the largest single-year cost increase in the last seven years. Read on to discover the other key findings.

 

What is the cost of a data breach in 2021?

There’s been a 10% increase in the overall cost of a data breach since last year’s report, with costs rising from an average of $3.86 million to $4.24 million in just 12 months. IBM notes that this is the highest figure in the report’s 17-year history.

Australia recorded the third highest average total cost increase (30.2%), with breaches now sitting at $2.82m USD.

Of the global average cost, 38% is attributable to lost business, which, according to IBM, includes ‘increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation.’

In addition, the average breach lifecycle is now 287 days – a week longer than in 2020. Breaches with a lifecycle of less than 200 days also produced cost savings of nearly a third over those with a lifecycle of more than 200 days ($3.61m vs. $4.87m, respectively).

What can we attribute the overall cost of data breaches to?

The impacts of remote work

Yep, you guessed it – the pandemic had massive impacts on how we operated last year so of course it’s affected the average cost of security incidents. In fact, the rapid shift to remote work and widespread digital transformation increased the overall cost of breaches by around $1.07m.

Approximately 17.5% of businesses attributed breaches to remote work and those that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches.

The average cost was $1.07m higher where remote work was a factor and 17.5% of businesses credited working from home as a primary cause of a breach.

The cost of zero, zero trust

For the first time, IBM took a look at how zero trust security architecture affected the cost of breaches. Breaches were more costly for businesses without zero trust deployed ($5.04m) than for those in the more mature stages of their implementations ($3.28m). Interestingly, nearly half of organisations surveyed have no plans to deploy zero trust.

Shifting into the cloud environment

This was also the first year IBM looked at the extensive effects of cloud breaches and the impacts of cloud migrations. According to the report, public cloud breaches were the costliest, sitting at $4.80m vs. hybrid cloud breaches at $3.61m. Extensive cloud migration was also the third highest cost-amplifying factor, increasing breach costs by 38.7% or $1.66m.

Adopting security automation and AI, and the perils of system complexity

IBM found that high levels of security AI and automation led to the biggest cost savings for businesses. Organisations with no security automation experienced breach costs of $6.71m, while those with fully deployed automation only paid $2.90m.

Businesses with more mature AI platforms saw breach costs of $3.30m, while those with less mature platforms were hit with $4.79m – a cost difference of 36.8%. High system complexity (e.g. a higher number of tools, systems, devices, data and users) was another cost kicker, leading to breach costs of around $5.18m vs. $3.03m for low system complexity.

How did the cost of a data breach vary across industries?

For the 11th consecutive year, healthcare has reported the highest industry cost of a breach, skyrocketing from $7.13m in 2020 to $9.23m in 2021 – a 29.5% increase. Following just behind for the largest average total cost are the financial industry, pharmaceuticals, technology and energy.

Again, these findings were expected – for one, the pandemic placed increasing importance on healthcare and pharmaceuticals, and therefore piqued cybercriminals’ interest. Further to that, all industries – specifically retail, hospitality etc. – underwent significant operational changes that also led to major cost growth.

Figure 1. Average total cost of a data breach by industry, IBM Cost of a Data Breach Report 2021.

What types of records were compromised?

Customer personally identifiable information (PII) was the most common and costliest type of breached record – involved in 44% of all incidents and sitting at $180 per lost record. Anonymised data (meaning data modified to remove PII) came in second (28%), intellectual property in third (22%) and employee PII in fourth (26%).

What were the most common attack vectors?

Unsurprisingly, the most common initial attack vector was compromised credentials, responsible for one fifth of all breaches. Phishing came in a close second at 17%, followed by cloud misconfiguration at 15%.

IBM has provided a helpful chart that assists in visualising the costliest of these vectors – note business email compromise (BEC) as the second least frequent but the highest in terms of cost ($5.01m):

Figure 2. Average total cost and frequency of data breaches by initial attack vector, IBM Cost of a Data Breach Report 2021.

About the report

Now in its 17th year, IBM’s Cost of a Data Breach report is one of the most highly anticipated cyber security publications. It’s based on independent research conducted by the Ponemon Institute and analyses real-world data breaches across the world. This year, the report looked at 537 breaches across 17 countries and 17 distinct industries.

To download the report, please visit IBM’s website.
