Financial services companies may find themselves short a few million dollars — C$9.28 million to be exact — if they ever experience a data breach.  

That industry, followed by technology companies (CA$7.84 million), are hardest hit by costly data breaches in Canada so far in 2024, finds a new report by IBM. 

On average, Canadian organizations pay CA$6.32 million per data breach, finds the annual Cost of a Data Breach Report.  

That actually represents a drop in the average cost of a data breach from the prior year’s $6.9 million average in the 2023 report.

What’s more, last year Canada was third globally for the costliest data breaches, but it now sits in sixth place.

Part of that reduction in breach costs can be attributed to the 61% of Canadian companies that now deploy security AI and automation to prevent breaches. 

In fact, organizations that extensively use AI and automation in their security operations had breach lifecycles that were 54 days shorter and cost C$2.84 million less on average compared to companies not using these technologies, IBM finds.

“Canadian organizations that invest in AI and automation will be better equipped to detect and recover from breaches, reducing the significant costs associated with these events,” Daina Proctor, IBM Canada’s security service line delivery leader said.

“The findings of this report underscore the business imperative for companies to integrate AI and automation into their cybersecurity programs to reduce both the financial impact and business disruption of cyber breaches.” 

Canadian businesses also identified threat intelligence, employee training, and identity and access management (IAM) as factors that have helped reduce data breach costs. 

Phishing attacks were the most common type of initial attack vector (14% of incidents). 

Property storage and management of data has also proven key for businesses. 

One-third (33%) of breaches in Canada involved data that was stored across multiple environments, and another 31% involved data stored solely on a public cloud.  

Those public cloud breaches were also the most expensive to remediate, at CA$6.74 million. 

“Even as organizations expand and refine their data management strategies, they often overlook shadow data — data that’s unmanaged and likely invisible to the IT department,” the report reads. “It could be the result of workers sharing data through unauthorized applications or uploading it to unofficial cloud buckets.” 

The report further finds breaches involving shadow data (i.e., data residing in unmanaged data sources) lasted longer and cost businesses more.  

 

Feature image by iStock.com/alexsl