Block title


Malicious attacks led to most expensive data breaches

- Advertisment -

SA companies lose millions from attacks on data; AI and automation significantly reduce costs

IBM Security announced the results of a study examining the financial impact of data breaches, revealing that these incidents cost South African companies on average R40.2 million per breach, amongst organisations studied.

Based on in-depth analysis of data breaches experienced by South African organisations, the study found that malicious attacks on customer, employee and corporate data were most prevalent – accounting for 48% of incidents – and proving to be the costliest cause of breaches to businesses.

As companies are increasingly accessing sensitive data via new remote work and cloud-based business operations, the report sheds light on the financial losses that organisations can suffer if this data is compromised. Sponsored by IBM Security and conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with security professional in organisations that suffered a data breach over the past year.

Examining cost factors which contribute to the cost of the data breach in South Africa, the study found that:

  • For companies studied in South Africa, the average time to identify a data breach increased to 177 days (from 175 days in 2019), and the average time to contain a data breach once identified decreased to 51 days (from 56 days in 2019). The global average to identify a data breach was higher at 207 days with an average time of 73 days to contain the breach.
  • In South Africa, the three root causes of data breaches were identified as malicious or criminal attack (48%), human error (26%) and system glitches (26%).
  • On average, malicious or criminal attacks took 191 days to identify and 62 days to contain. Human error breaches took 164 days to identify and 40 days to contain while system glitch breaches took 163 days to identify and 44 to contain.
  • The amount of lost or stolen records also impacts the cost of a breach, costing R1,984 per lost or stolen record on average – a 9.35% decrease from 2019.
  • Investments in smart tech resulted in lower breach costs as companies who had fully deployed security automation technologies (which leverage AI, analytics and automated orchestration to identify and respond to security events) experienced lower data breach costs compared to those who didn’t have these tools deployed.

“It is becoming increasingly important for IT leaders to put security measures in place which reduce the impact of a data breach. With this year’s study we’re seeing how costs were much higher for South African organisations that had not yet invested in areas such as security automation and incident response processes – and how complex security systems and cloud migration cost companies the most. With growing complexities facing companies, putting measures in place which significantly reduce the time it takes to investigate, isolate, contain and respond to the damage, will significantly reduce financial and brand impact,” said Sheldon Hand, IBM Security Leader for South Africa.

Employee Credentials and Misconfigured Clouds – Attackers’ Entry Point of Choice

In global findings, stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach for companies in the report, representing nearly 40% of malicious incidents. With over 8.5 billion records exposed in 2019, and attackers using previously exposed emails and passwords in one out of five breaches studied, businesses should rethink their security strategy via the adoption of a zero-trust approach, re-examining how they authenticate users and the extent of access users are granted.

Similarly, South African companies struggle with security complexity, a top breach cost factor which increases the cost implication by R3.3 million on average for South African companies studied in the report.

Advanced Security Technologies Prove Smart for Business

The report highlights the growing divide in breach costs between businesses in South Africa implementing advanced security technologies and those lagging behind, revealing a cost-saving difference of R2.5 million for SA companies with  deployed security analytics versus those that have yet to deploy this type of technology.

Companies in the study with fully deployed security automation also reported significantly shorter response time to breaches, another key factor shown to reduce breach costs in the analysis. The report found that AI, machine learning, analytics and other forms of security automation enabled companies to respond to breaches faster than companies that have yet to deploy security automation. The study found that South African organisations which invested in AI platforms were also found to save R2 million on the average cost of a data breach.

Incident response (IR) preparedness also continues to heavily influence the financial aftermath of a breach. According to the report, South African companies with neither an IR team nor testing of IR plans experience higher average breach costs, whereas local companies that have both an IR team and use tabletop exercises or simulations to test IR plans, experience R3.4 million less in breach costs. This reaffirms that preparedness and readiness yield a significant ROI in cybersecurity.

About the study

The annual Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches occurring between August 2019 and April 2020, taking into account hundreds of cost factors including legal, regulatory and technical activities as well as loss of brand equity, customers and employee productivity.  To download a copy of the 2020 Cost of a Data Breach Report, please visit


Please enter your comment!
Please enter your name here

Latest articles

EM re-packes DEHNguard Basic surge protection

Surge protection is important to reduce stress on any equipment when load shedding switching surges occur, while higher lightning activity also means surges are...

Analyze MyDrives Edge is first drive edge application

As part of the digital enterprise SPS dialogue, Siemens is launching Analyze MyDrives Edge, its first edge application for drives. The company is demonstrating...

Touch-free automated entrances are safer

As the world continues to battle the COVID-19 pandemic, businesses are increasingly turning to technology to stabilise everyday life – with security and access...

Small E-Stop emergency button offers 360° visibility

RS Components (RS), has added the Eaton RMQ Small E-Stop to its emergency pushbutton portfolio. This compact device is around 30% smaller than standard...

Black Friday – High Risk: High Reward

By Howard Feldman, Head of Marketing & People at Synthesis. Black Friday is what happens when the dangerous mixture of anxiety and excitement is blended...

Cut your cake and eat it

Tectra Automation engineered a unique automated cake cutting system for Brenell Quality Desserts in Pietermaritzburg. The company’s previous solution for cake cutting was a...
- Advertisement -

Telviva completes buy-out of AnD Communications

Telviva, formerly Connection Telecom, has increased its shareholding in AnD Communications to 100% of the issued equity. This will not only strengthen the footprint...

SA manufacturing competition postponed for now

Exacerbated by the effects of the ongoing coronavirus pandemic, South Africa’s manufacturing sector is taking significant strain. Predominantly owing to constrained demand and production...

Senixview software – a fourth generation tool

SenixVIEW software, free with every ToughSonic PC configurable Senix Ultrasonic level and distance sensor, keeps improving and getting better. With SenixVIEW, users gain complete control...

Liquid Telecom and Zayo partner to expand coverage

Liquid Telecom has announced its partnership with Zayo Group Holdings, Inc., a global leader of communications infrastructure. The partnership will see Liquid Telecom and...

Visiting a trade fair from anywhere

Endress+Hauser invites you to its virtual trade fair booth In times of pandemic, face-to-face encounters are drastically restricted, and crowds of people are to be...