By 
The average cost of a data breach in South Africa is R53.1-million in 2024, according to research by IBM.
This is according to IBM’s annual Cost of a Data Breach Report, published this week.
Stolen or compromised credentials were the most common initial attack vectors in South Africa, accounting for 17% of all cyberattacks. These types of attacks averaged a total cost of R56-million per breach.
Phishing attacks accounted for 12% of security breaches in the period, on average costing R56-million per attack. The most expensive type of attack was due to business e-mail compromise, accounting for 10% of the breaches studied and costing R63-million per attack.
IBM identified security staffing shortages as one of the key factors that drove up the cost of a breach in 2024
“South African organisations are facing cyberthreats and data breaches [growing] at an exponential rate, and this highlights the urgent need for robust cybersecurity measures,” said IBM South Africa GM Ria Pinto.
“As the complexity and frequency of these threats grows, deploying AI-driven security solutions becomes crucial in safeguarding our national digital infrastructure.”
The report shows that 78% of organisations locally studied are deploying AI-infused cybersecurity tools through their security operations centres, a 10% increase from the previous year. Local organisations that “used AI extensively”, it said, incurred an average of R19-million less in breach costs.
Healthcare sector
In 2024, the 19th year of IBM’s annual report, South Africa was ranked the 14th most expensive country by cost of a data breach out of 16 countries studied. The US was the most expensive, with the average data breach costing US$9.36-million, or more than three times the cost in South Africa.
Other countries/regions in the IBM study include: the Middle East, Benelux (Belgium, the Netherlands and Luxembourg), Canada, the UK, Japan, India and Brazil.
Globally, the healthcare sector suffered the most expenses per attack on average. The average cost of a breach in this sector was $9.8-million in 2024, down 10.6% from $10.93-million the previous year. The financial and industrial sectors were next in line, with average costs of $6.1-million and $5.6-million per breach, respectively.
IBM identified security staffing shortages as one of the key factors that drove up the cost of a breach in 2024. According to the report, more than half of the organisations studied globally – out of a total of 604 – had severe or high-level staffing shortages. When these companies suffered breaches, the resulting costs were between $3-million and $4-million higher than companies with adequate staffing.
“Mounting staffing challenges may soon see relief as more organisations worldwide stated that they are planning to increase security budgets compared to last year (63% vs 51%), and employee training emerged as a top planned investment area,” said IBM.
“Globally, organisations also plan to invest in incident-response planning and testing, threat detection and response technologies, identity and access management, and data security protection tools,” IBM said. – © 2024 NewsCentral Media
Comments