Time.news – Every single data stolen in Italy costs companies, on average, 143 euros. Globally it rises to $ 164. The pharmaceutical industry is the one that loses the most: each stolen data cost 182 euros. The technology sector (174 euros) and financial services (173 euros) follow.
Considering the intensity and frequency of the attacks, the toll rises: according to IBM’s Cost of a Data Breach report, in Italy the average damage is 3.4 million euros, 13% more than in 2020. global, reaches 4.35 million dollars, the highest level in the last five years. And since there is no talk of small change, consumers are also the losers, on whom companies partly offload the costs of the attacks.
Because the users lose out
“It is not just the companies that are victims of attacks that are paying for the consequences of security breaches, but more and more consumers,” the report said. To cope with these costs, in fact, 60% of the organizations analyzed have increased the prices of their products and services. “Cybercriminals – underlines IBM – are acquiring an ever greater weight in defining the fate of the global economy, contributing with their activities to the increase in inflation and interruptions in supply chains”.
Attack tactics
Globally, nearly one in five attacks are caused by stolen or compromised credentials. In Italy, however, the first vector is phishing. That is a tactic that aims to deceive the victim, often via e-mail. However, it is not phishing that causes the most significant damage: the costs due to accidental data loss are higher (on average just under 5 million euros).
Ransomware: why paying is not convenient
Ransomware is very common (one in ten cases), attacks that do not just intrude on the device or network but block it and ask for a ransom to free it. The study confirmed that paying is not a good idea. Because there is no certainty and, above all, because the ransom does not contribute to limiting the costs of violations. In fact, ransomware victims who chose to pay only saved $ 610,000 compared to organizations who chose not to. However, the cost of the redemption must be deducted from this figure. Considering that, according to Sophos, the average payment request was $ 812,000 in 2021, paying does not seem to be convenient, either operationally or economically.
Other collateral damage must also be considered. In fact, what IBM calls the “persecutory effect” is accentuating: 83% of the organizations analyzed have suffered more than one violation in the course of their activity. In short: getting rid of a problem does not mean having solved it. The ransom also finances (indirectly) future attacks, while the company could use the same amount to improve its cybersecurity. In other words: you end up supporting your opponent rather than strengthening your defense. A mistake, also because, on this point, businesses are still lagging behind
Companies late
Only 40% have a sufficiently mature level of “Zero Trust” systems, ie with an approach that presupposes – always, everywhere and for anyone – authentication and verification. Yet the results are clear: Italian companies that have mature systems have managed to halve the costs of data breaches: 2.16 million euros against 4.86 million for companies that have not yet adopted countermeasures. The IBM report therefore confirms that spending on IT security is actually an investment, especially when it is aimed at automation and artificial intelligence: organizations that have massively adopted solutions of this type have paid an average of $ 3 million less.