Block title


Malicious attacks led to most expensive data breaches

- Advertisment -

SA companies lose millions from attacks on data; AI and automation significantly reduce costs

IBM Security announced the results of a study examining the financial impact of data breaches, revealing that these incidents cost South African companies on average R40.2 million per breach, amongst organisations studied.

Based on in-depth analysis of data breaches experienced by South African organisations, the study found that malicious attacks on customer, employee and corporate data were most prevalent – accounting for 48% of incidents – and proving to be the costliest cause of breaches to businesses.

As companies are increasingly accessing sensitive data via new remote work and cloud-based business operations, the report sheds light on the financial losses that organisations can suffer if this data is compromised. Sponsored by IBM Security and conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with security professional in organisations that suffered a data breach over the past year.

Examining cost factors which contribute to the cost of the data breach in South Africa, the study found that:

  • For companies studied in South Africa, the average time to identify a data breach increased to 177 days (from 175 days in 2019), and the average time to contain a data breach once identified decreased to 51 days (from 56 days in 2019). The global average to identify a data breach was higher at 207 days with an average time of 73 days to contain the breach.
  • In South Africa, the three root causes of data breaches were identified as malicious or criminal attack (48%), human error (26%) and system glitches (26%).
  • On average, malicious or criminal attacks took 191 days to identify and 62 days to contain. Human error breaches took 164 days to identify and 40 days to contain while system glitch breaches took 163 days to identify and 44 to contain.
  • The amount of lost or stolen records also impacts the cost of a breach, costing R1,984 per lost or stolen record on average – a 9.35% decrease from 2019.
  • Investments in smart tech resulted in lower breach costs as companies who had fully deployed security automation technologies (which leverage AI, analytics and automated orchestration to identify and respond to security events) experienced lower data breach costs compared to those who didn’t have these tools deployed.

“It is becoming increasingly important for IT leaders to put security measures in place which reduce the impact of a data breach. With this year’s study we’re seeing how costs were much higher for South African organisations that had not yet invested in areas such as security automation and incident response processes – and how complex security systems and cloud migration cost companies the most. With growing complexities facing companies, putting measures in place which significantly reduce the time it takes to investigate, isolate, contain and respond to the damage, will significantly reduce financial and brand impact,” said Sheldon Hand, IBM Security Leader for South Africa.

Employee Credentials and Misconfigured Clouds – Attackers’ Entry Point of Choice

In global findings, stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach for companies in the report, representing nearly 40% of malicious incidents. With over 8.5 billion records exposed in 2019, and attackers using previously exposed emails and passwords in one out of five breaches studied, businesses should rethink their security strategy via the adoption of a zero-trust approach, re-examining how they authenticate users and the extent of access users are granted.

Similarly, South African companies struggle with security complexity, a top breach cost factor which increases the cost implication by R3.3 million on average for South African companies studied in the report.

Advanced Security Technologies Prove Smart for Business

The report highlights the growing divide in breach costs between businesses in South Africa implementing advanced security technologies and those lagging behind, revealing a cost-saving difference of R2.5 million for SA companies with  deployed security analytics versus those that have yet to deploy this type of technology.

Companies in the study with fully deployed security automation also reported significantly shorter response time to breaches, another key factor shown to reduce breach costs in the analysis. The report found that AI, machine learning, analytics and other forms of security automation enabled companies to respond to breaches faster than companies that have yet to deploy security automation. The study found that South African organisations which invested in AI platforms were also found to save R2 million on the average cost of a data breach.

Incident response (IR) preparedness also continues to heavily influence the financial aftermath of a breach. According to the report, South African companies with neither an IR team nor testing of IR plans experience higher average breach costs, whereas local companies that have both an IR team and use tabletop exercises or simulations to test IR plans, experience R3.4 million less in breach costs. This reaffirms that preparedness and readiness yield a significant ROI in cybersecurity.

About the study

The annual Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches occurring between August 2019 and April 2020, taking into account hundreds of cost factors including legal, regulatory and technical activities as well as loss of brand equity, customers and employee productivity.  To download a copy of the 2020 Cost of a Data Breach Report, please visit


Please enter your comment!
Please enter your name here

Latest articles

Space Weather Forecasting is in its Infancy

Science writer Mark Zastrow recently wrote: “As humanity becomes ever more dependent on technology, nations are investing more resources into space weather forecasting to...

South African stakeholders commit to responsible AI

Much like a microcosm of our socio-economic context, the Artificial Intelligence (AI) landscape in South Africa is uneven and burdened with regulatory challenges. If...

Bluetooth 5.2 SoC for small two-layer PCB designs

Nordic has introduced the nRF52805 System-on-Chip (SoC) which is the seventh addition to the nRF52 Series. It augments the already extensive collection of wireless...

Solid Data Management – Fundamental to Achieving PoPI Compliance

By Johan Scheepers, Country Head at Commvault South Africa Sections of the long-anticipated Protection of Personal Information (PoPI) Act 4 of 2013 came into effect...

Building a geosmart business

By Marinus van der Merwe, CEO, Fernridge  Geospatial technology can be used to create a multi-dimensional snapshot of the entire business, helping to support key...

New partnership makes endpoint defense more accessible

Networks Unlimited launches new MSSP partnership with SentinelOne to make endpoint defense suite offering more accessible Networks Unlimited Africa and its vendor partner SentinelOne have...
- Advertisement -

WiFi for COVID-19 patients at Baragwanath

Putting patients in touch with loved ones Reflex Solutions in collaboration with Mustek, Dark Fibre Africa (DFA) and ESET installed free secure WiFi at Chris...

RS PRO queue system for crowded environments

SMART-Q beacon tower features luminous and acoustic signalling to manage the flow of customers and staff in environments where queues can typically gather  RS has introduced...

SilverBridge, DocFusion partnership drives digitalisation in financial services

Microsoft Managed Partners SilverBridge and DocFusion have entered into a strategic alliance that sees the DocFusion document generation solution integrated into the SilverBridge digital...

SensePost teams up with Orange Cyberdefense

From 1 August 2020, SensePost has changed the name of its ethical hacking team and related services to Orange Cyberdefense. CEO Dominic White says...

The Solar Minimum Superstorm of 1903

Don’t let solar minimum fool you. The Sun can throw a major tantrum even during the quiet phase of the 11 year solar cycle....