Articles

In the past six months alone, data breaches at leading Canadian organizations in the energy, retail, and banking industries have cost businesses millions of dollars, showing no sector is immune. This escalating tide of cyberattacks is having profound financial and operational impacts.

IBM’s 2023 Cost of a Data Breach Report reveals that Canadian sectors like banking and energy have been prime targets in the last year, as attackers disrupt operations and extort businesses.

Below are some of the key Canadian findings:

• Canadian companies are still paying nearly CA$7 million in data breach costs, the third highest in the world, according to the IBM report. The average cost of an incident is now CA$6.94 million, not much improved from last year’s CA$7.05 million.
• Financial services and energy companies see the highest breach costs. By far the most impacted across Canada, the country’s financial sector is paying nearly CA$12 million on average per breach, while the energy sector is paying CA$9.37 million on average.
• The use of AI and automation helped identify and contain breaches and reduce costs.
  • Canadian organizations with extensive use of AI and automation in their security operations had breach lifecycles that were 33 days shorter and cost CA$1.74 million less on average than those without the use of AI and automation.
• Phishing is the most common attack type, representing 17% of breaches experienced by Canadian companies and costing CA$6.98 million on average. The most financially devastating but less common (8%) malicious insider breach costs CA$7.98 million.
  • Overall data breaches caused by social engineering, the practice of deceiving or manipulating people into sending information or performing a specific action for illegitimate reasons, jumped 9 percentage points in Canada year-over-year, showing a rising trend of attackers relying on human error and pressure tactics for success. The costs associated with social engineering also jumped 37% compared to last year’s report.
• Employee training is the best way to reduce data breach costs. Canadian companies that combine this training with threat intelligence, encryption, identity, and access management (IAM), proactive threat hunting and AI, can significantly reduce the total cost of a breach.
• Globally, most companies are passing the cost on to consumers when they could be improving security. To cope with breach costs, 57% of breached companies are opting to increase the price of products or services. Yet, only about half (51%) plan on increasing security budgets.

IBM 2023 Cost of a Data Breach – Recommendations:

• Use security AI and automation extensively to reduce workload and increase the efficiency of your security operations. This change results in significant cost savings and faster breach identification ​and containment.​
• Adopt an attacker’s perspective of your organization’s ​environment by using attack surface management tools ​and adversary simulation techniques. ​
• Document, communicate and practice a companywide IR plan with security, IT, ops, legal, HR, PR, and C-suite and third parties, including ​a retained IR vendor.​
• Employ a DevSecOps approach for integrating security into applications, tools, and platforms across on-prem and cloud environments. Test regularly, if not continuously.​
• Discover and protect data across cloud environments and automate compliance and reporting, including when data is moved.