Home M3AAWG Blog New Ponemon Research Reports Business Email Compromise Attacks Result in Highest Costs

The 2021 Ponemon Data Breach research report, sponsored by IBM, has been released, and data shows that the cost of breaches and attacks continues to increase.

Per the report, available here (registration required), business email compromise (BEC) was responsible for only 4% of breaches, but had the highest average total cost of the 10 initial attack vectors in the study, at $5.01 million. The second costliest was phishing ($4.65 million), followed by malicious insiders ($4.61 million), social engineering ($4.47 million), and compromised credentials ($4.37 million). 

The report calculated costs on four factors, all of which are “…process-related activities drive a range of expenditures associated with an organization’s data breach: detection and escalation, notification, post breach response and lost business.”

Significantly, the research found that “…Data breach costs increased significantly year-over year from the 2020 report to the 2021 report, increasing from $3.86 million in 2020 to $4.24 million in 2021. 

The increase of $0.38 million ($380,000) represents a 9.8% increase. This compares to a decrease of 1.5% from the 2019 to 2020 report year. The cost of a data breach increased by 11.9% since 2015.” 

What kind of data was impacted in attacks and breaches? The report noted, “…Customer PII was included in 44% of all breaches in the study. Anonymized customer data (i.e., data that is modified to remove PII) was compromised in 28% of the breaches studied, the second most common type of record compromised in breaches.”

M3AAWG and its members continue to work to protect email and messaging. Check out our many best practices documents, including sending mandated emails, non-human interactions handling email, email authentication and more at https://www.m3aawg.org/published-documents.



The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.