
Australian businesses are taking almost 10 months to detect and contain data breaches, according to a new report by IBM.

In the vendor’s annual Cost of a Data Breach report, Australian companies took an average time of 311 days to detect and contain a data breach — 219 to detect, 92 to contain — in the 2021 reporting period.

The report, which surveyed 25 Australian businesses, revealed responses took over a week longer than reported in the prior year.

The report claimed this is costing businesses an average of $3.7 million per incident, an almost 10 per cent increase over the previous year and an almost 50 per cent increase since 2016. According to IBM, this is the highest cost in the report’s 12-year history.

Broken down, the 2021 costs amounted to $1 million spent on detection and escalation, $1.7 million in business losses and around $1 million on the post-response.

In terms of incident causes, a third-party vulnerability was shown to be the costliest for businesses, averaging around $4.4 million and accounting for 13 per cent of cases.

Phishing and stolen business credentials were shown to be the most prevalent form of attack, forming just over 18 per cent of breaches and costing around $4.1 million.

“At the same time, customer personal data (like names, emails and passwords) was the most common type of information leaked – a dangerous combination that could provide attackers with leverage for future breaches,” IBM’s report said.

Malicious insiders were also shown to cause major monetary damage for businesses, averaging $4.2 million in costs and accounting for around 8.5 per cent of breaches.

Meanwhile, business email compromise posed a $3.5 million problem, while cloud misconfiguration stood at $3.44 million, accounting for 4.5 and 12.5 per cent of incidents, respectively.

Data breaches in the financial sector were the most expensive by industry in Australia, at $233 per record, followed by the technology sector at $224 per record and services at $203 per record.

According to IBM, a vendor that is investing heavily in the hybrid cloud space, Australian organisations that had implemented a hybrid cloud approach were able to identify and contain a data breach faster, in 266 days, compared with those relying primarily on public cloud, which took 346 days.

In addition, the report claimed that the shift to remote work has led to more expensive data breaches, with global breaches costing over US$1 million more on average when remote work was indicated as a factor in the event.