Cost of data breaches for companies in South Africa
The average cost of a data breach for a South African organisation sits at a hefty R49.45 million.
This is according to the 2023 Cost of a Data Breach Report, which is research conducted by the Ponemon Institute and analysed and published by IBM Security.
A data breach is defined as an event in which records containing personally identifiable information; financial or medical account details; or other secret, confidential or proprietary data are potentially put at risk.
The 2023 report, which studied hundreds organisations impacted by data breaches, showed that they are increasing in frequency and cost burden across the globe.
These costs fluctuates across countries, but skyrockets in the United States, with the average data breach coting a US company $9.48 million.
South Africa has seen an 8% increase from 2022, and a 73% increase from 2015, costing an average of R2750 to recover each file.
Additionally, many companies do not know that they had a breach until it is too late.
The report found that one-third of companies discovered the data breach through their own security teams, with 67% of breaches being reported by a benign third party or by the attackers themselves.
According to the report, in South Africa, the financial industry, including banking, insurance and investment companies, was hardest hit by data breaches in 2023, followed by industrial and services sectors respectively.
Globally, the healthcare sector is most at risk. The healthcare industry has seen a considerable rise in data breach costs since 2020, and for the 13th year in a row, the healthcare industry reported as the most expensive data breaches globally, at an average cost of $10.93 million.
The IBM Report indicated that the that most cyber threats resulted from stolen or compromised credentials and phishing scams, while attacks through compromised business e-mails were a close second.
The report gives four recommendations to help reduce the cost of a data breach:
- Build security into every stage of software development and deployment—and test regularly
- Modernize data protection across hybrid cloud
- Use security AI and automation to increase speed and accuracy
- Strengthen resiliency by knowing your attack surface and practicing incident response.
Era Gunning, an executive at ENS Africa furthered on this, saying that the IBM Report shows the potential benefit of AI in cybersecurity.
“The extensive use of automation saved organisations nearly $1.8 million in data breach costs,” said Gunning. “On average, it accelerated data breach identification and containment by over 100 days, while almost all organisations use or want to use artificial intelligence for cybersecurity operations, only 28% of them use it extensively,” she added.
In terms of cyber security, Gunning says that the capabilities AI pose include:
- Enhancesd precision of malware detection systems by detecting data patterns indicating questionable activities;
- Monitors user activity across multiple platforms;
- Identifies and flags suspicious activity;
- Detects new strains of existing malware, preventing malicious actions including ransomware attacks;
- Minimises the impact of cybersecurity threats;
- Assists in identifying suspicious content, such as phishing links and malicious URLs;
- Alerts security teams for timely preventive measures.
Additionally, ICT company Seacom says that “in an era where cyber attacks are continually evolving, it is critical to invest in strong cyber security measures”, and recommends that companies do regular security assessments, do employee education and awareness, as well as building a multi-tiered security strategy.
Read: The biggest cyber security threats for businesses in South Africa