IBM Data Breach Report 2021: the four main findings

7. September, 2021

For many years IBM Security publishes a “Cost of a Data Breach” report. This compilation and evaluation of over 500 actual incidents in 17 countries create a repeatable comparative benchmark for the cybersecurity industry. The study is intended to provide companies that handle sensitive data with an up-to-date status for assessing the situation and to enable a financial evaluation. The report focuses on identifying a comprehensible trend in the costs per data breach. The largest share of the often enormous costs is predominantly the loss of business activity [1]. Unsurprisingly, the most significant increase in incidents is found in the healthcare industry, while the highest costs per individual incident are incurred in the public sector. But there is also good news: The statistics for the energy sector have improved.

Highest increases since 2015

The current report results in 2021 are pretty straightforward: both the average total cost of a data breach and the cost per compromised record in an incident reached the highest level since IBM started publishing this report. In general, the highest annual increase in damage amounts of 10% on average was also noted. Further evaluations can be found, e.g. here [2,3].

What are the essential findings of the report?

One thing first, the report and the individual areas of the studies and evaluations are pervasive. Unfortunately, we see increases in cybercrime in many regions, which urgently require increased improvement and additional preparation. Some of the summarized results give the following picture:

1) Ransomware incidents are more expensive than pure data breaches

From 2020 to 2021, the average cost of a data breach increased from $3.86 million to $4.24 million. The average cost of a ransomware breach was higher than a data breach ($4.62 million). Time was found to be the most significant contributor to the cost of security incidents. The longer a security breach remains undetected, the more sensitive data can be retrieved by cybercriminals. The negative financial impact of prolonged disruptions is exacerbated when lost value creation due to protracted system failures and customer turnover.

2) Compromised credentials are the most common attack vector

Disclosure of credentials, such as compromised business emails, accounted for 20% of the data breaches. Statistics of phishing, misconfigurations in the cloud and vulnerabilities in third-party software are tracked.

  • Business Email Compromise – approx. 5 million US-Dollar
  • Phishing – approx. 4,6 million US-Dollar
  • Malicious insiders – approx. 4,6 million US-Dollar
  • Criminal social engineering attacks – approx. 4,5 million US-Dollar
  • Vulnerabilities in third-party software – approx. 4,3 million US-Dollar

3) Duration has an impact on the level of damage – countermeasures help

The entire security breach cycle includes the time between the occurrence of a data breach and its containment. In 2019, it took an average of 206 days to detect a breach and 73 days to contain it, for a total of 279 days. In 2021, it takes an average of 212 days to detect a breach and 75 days to contain it, for a total of 287 days.

If this period was less than 200 days, incidents were on average $1.26 million less costly than above ($3.61 million versus $4.87 million). It was observed that the individual preparation of the companies had a significant influence on the amount of damage. For companies that had implemented a mature security concept, the damage amounts were significantly lower. If precautions were lacking, these costs were substantially higher.

4) Automations reduce costs for cyber security incidents

Companies that deployed security automation technologies and services could reduce the cost of data breaches and security incidents by up to 80%. Companies that did not use such up-to-date technologies had to budget an average of $6.7 million for a data breach, compared to $2.9 million for companies that had implemented such technical up-to-date solutions and services. This is more than half less!

Conclusion: The fact that cyber security incidents have increased and the frequency of cybercriminal activities is on the rise will no longer surprise anyone. The financial impact can be significantly improved through preparation, planning, and the use of current technologies and tools should be reason enough to deal with this topic extensively and be well prepared for a possible incident. IKARUS will be glad to advise you on this!

IKARUS Sales Hotline: +43 1 58995-500


Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence
SQL Injection
SMTP Smuggling
Cyber-Risiken in der Ferienzeit
Dynamische Cybersicherheit
Harmony Mobile by Check Point
EU Machinery Regulation


IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500


Support hotline:
+43 1 58995-400

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download