Canadian organizations victimized by data breaches paid an average of $6.32 million to recover from those incidents, according to a new study from IBM.
That cost is down from 2023, when Canadian organizations were paying an average of $6.94 million, and down from 2022, when the average was $7.05 million.
This bit of good news is offset by the sheer number of annual breaches. The leader of IBM Canada's security services reported there were 27,000 breaches every year in Canada alone, or around 75 breaches a day, an all-time high. At $6.32 million per breach, the costs of cybercrime are staggering.
IBM's report comes as Canadians were warned their private data was at risk of loss because of data breaches at Ticketmaster, AT&T, Giant Tiger, and London Drugs, among others. The costs include not only the ransom paid, if any, but an organization's costs for detection and legal services, crisis management, regulatory fines, consumer reparations, and lost business.
The IBM report was based on an analysis of data breaches experienced by 604 organizations globally between March 2023 and February 2024. Of the 16 countries examined, Canada had the sixth-highest costs for data breaches, behind nations such as the U.S., Germany, and Italy.
The most targeted sectors included healthcare, financial services, industrial, technology, and energy.
The highest breach costs in Canada were incurred by financial services and technology companies, with average recovery costs of $9.28 million and $7.84 million, respectively.
"Average data breach costs Canadian organizations $6.32 million: IBM study" www.halifax.citynews.ca (Jul. 30, 2024).
Commentary
The IBM report found the two most common forms of attack involved phishing or using stolen or compromised credentials.
Stolen or compromised credentials comprised 16 percent of the attacks studied and took an average of 10 months to identify and contain. Phishing was a close second, at 15 percent of attacks, but ultimately carried even higher costs.
Knowing the most common risks faced by an organization allows that organization to focus on the best way to minimize those risks.
Compromised passwords stolen from other companies are the likely source of numerous breaches. This can be addressed with a sound regimen for creating and changing passwords. Phishing attempts, whether human or AI-driven, can be defended against by adopting the measures outlined in resources offered by the Canadian Centre for Cyber Security (CCCS).
This information is provided as a joint effort by the Canadian Cyber Incident Response Centre ("CCIRC") and Public Safety Canada, operating jointly under the authority of the CCCS. https://www.getcybersafe.gc.ca/en; https://www.publicsafety.gc.ca/cnt/trnsprnc/ccss-nfrmtn-prvc/prvc-mpct-ssssmnt/cndn-cbr-ncdnt-en.aspx