Have you heard, data breaches are on the rise? Oh, and they cost more to recover from too.
The latest installment from IBM, Cost of a Data Breach Report 2023, is out and filled with a plethora of statistics about data breaches. Some are surprising, some are insightful, but one is head-scratching.
Data Breach Statistics
The number of data breaches is going up. From Infosecurity magazine, “a total of 108.9 million accounts were breached in the third quarter of 2022, a 70% increase compared to the previous quarter.” That’s quite an increase.
The cost of data breaches is also going up. “The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million. This represents a 2.3% increase from the 2022 cost of USD 4.35 million. Taking a long-term view, the average cost has increased 15.3% from USD 3.86 million in the 2020 report.”
Many of these numbers are not unexpected as more companies migrate to the cloud. Still, a 70% increase in data breaches in one quarter is a little surprising.
Defending Data Breaches
“The types of security technologies and practices employed within an organization are among many factors that influence the mean cost of a data breach,” according to the report. In other words, organizations can reduce the impact of an (almost inevitable) data breach by making smart investments in security.
There are 19 factors that can reduce the cost of a data breach. These include things like employee training, incident response planning, encryption, etc. But, there is one that stands at the very top of the list: DevSecOps.
“Integrated security testing in the software development process (DevSecOps) showed sizable ROI in 2023. Organizations with high DevSecOps adoption saved USD 1.68 million compared to those with low or no adoption. Compared to other cost-mitigating factors, DevSecOps demonstrated the largest cost savings.”
It’s not a secret. DevSecOps lowers the chances of a data breach and reduces the cost of recovery if you should experience one. Investing in DevSecOps seems like a pretty simple decision, if you are at all concerned about data breaches, which makes this one statistic from the report a real head scratcher.
One Head-Scratching Statistic
So what’s the head-scratching statistic? Even after suffering a data breach, half of the organizations say they have no interest in increasing their investment in security.
“Even as the global cost of a data breach increased, research participants reported divided perspectives on increasing security investments after an incident. 51% of respondents indicated they planned for additional security spending after the breach.”
They know the chances of a data breach are rising. They know they cost of a data breach is rising. And they know an investment in DevSecOps reduces both the chance and cost of a data breach and still, they’re not interested in making that investment. That’s head-scratching!
Assuming you work at the half of the companies that do see the benefit of investing in DevSecOps, you probably want to know how to do it. The most seamless way to do it is to turn DevOps into DevSecOps by integrating threat modeling into the process. And one of the best ways to do that is with ThreatModeler.
ThreatModeler understands the value of threat modeling, but also understands how intimidating it can be. That’s why ThreatModeler has been designed from the start with one goal in mind: one-click threat modeling. Rest assured it cost less than $1.68 million.