• July 26, 2023
  • Category Security

Your Next Data Breach is Going to Be More Expensive

By: Sanjeev Spolia

The cost of a data breach is going up.

That’s according to IBM’s annual survey, which found that the average breach cost across 553 organizations studied over the 12 months ending March 30, 2023, was US$4.45 million – a 2.3 per cent increase compared to a year earlier. It’s also a whopping 15.3 per cent increase since IBM’s 2020 report. (Research for the study was conducted by the Ponemon Institute.)

Although Canadian companies are faring better than last year with the cost of data breaches at the 28 organizations included in the study dropping a bit from C$7 million to $6.9 million, Canada was the geography with the third highest breach costs behind the U.S., which was first, and a grouping of Middle East countries, which placed second.

It’s important to note these costs don’t include any ransomware or extortion payments organizations may have made, or the cost to recover from an incident.

As reported by IT World Canada, Canada’s breaches were more expensive – double that of Australia, for example. In the article, a partner in IBM Canada’s security consulting and delivery practice speculated that many of the Canadian organizations included in the study were in regulated industries, where recovery costs are higher, while noting the overall trend is heading in the wrong direction.

A notable data point in the IBM study is that two thirds of breaches were reported by an outsourced / third party rather than discovered by the organization’s own security team. This indicates many Canadian organizations don’t have the right level of monitoring and insights to provide the network visibility necessary to prevent and mitigate breaches.

Another interesting stat was that organizations with high DevSecOps adoption had less costly data breaches. Aside from getting your application development teams to “shift left” with DevSecOps, the best strategies for lowering the average cost of a data breach according to the IBM study were employee awareness training, a regularly tested incident response plan, and leveraging artificial intelligence or machine learning insights.

IBM recommends following the “basics” as they are the most effective tools for preventing data breaches – user threat intelligence, robust identity and access management, employee awareness training and setting up a zero-trust IT architecture, as well as leveraging AI and automation to reduce the burden on security teams. These should be complemented by a strong incident response plan, so the organization is ready to mitigate and recover quickly in the event of a breach.

Given the dynamic landscape security teams must navigate, as well as the pressure to retain talent, organizations should consider looking to a managed service provider – they can help to evaluate your current security posture and provide ongoing staff and resources to complement your IT staff.