Average cost of a data breach in SA is R53.1m – Report

The average cost of a single data breach case in South Africa is a whopping R53.1 million in 2024, according to research by IBM.

According to IBM’s annual Cost of a Data Breach Report, published this week, stolen or compromised credentials were the most common initial attack vectors in South Africa, accounting for 17% of all cyberattacks. These types of attacks averaged a total cost of R56 million per breach.

Breaches

Phishing attacks accounted for 12% of cases (R56.31 million). Business email compromise was the most expensive entry point (R63 million) at 10% of breaches studied.

According to the 2024 report, 49% of breaches involved data stored across multiple environments including public cloud, private cloud, and on-prem. These breaches were also the most expensive at R59 million on average and took the longest to identify and contain (263 days).

ALSO READ: Dark web reveals cybercriminals targeting Olympics

Industries impacted

In South Africa, financial services participants saw the most costly breaches across industries with average costs reaching R75.31, followed by the industrial sector (R67.26) and hospitality (R61.76).

Ria Pinto, General Manager and Technology Leader at IBM South Africa said South African organisations are facing cyber threats and data breaches at an exponential rate, and this highlights the urgent need for robust cyber security measures.

“As the complexity and frequency of these threats continue to grow, deploying AI-driven security solutions becomes crucial in safeguarding our national digital infrastructure.

“AI-driven security solutions can support the detection and mitigation of risks more efficiently. They are also critical in fortifying the defences of our organisations to help ensure business resiliency and empower organisations to navigate the evolving cyber landscape securely and confidently,” Pinto said.

South Africa’s rank

Organisations studied needed an average of 227 days to identify and contain incidents, 31 days below the global average for the data breach lifecycle, which was 258 days.

The top three factors that amplified breach costs for local organisations were security system complexity, security skills shortage and non-compliance with regulations.

The IBM report also showed that South Africa in 2024 was ranked the 14th most expensive country by cost of a data breach out of 16 countries studied.

The US was the most expensive, with the average data breach costing US $9.36 million, or more than three times the cost in South Africa while the Middle East is in second costing US $8.75 million.

Other countries/regions in the IBM study include Benelux (Belgium, the Netherlands and Luxembourg), Canada, the UK, Japan, India, Brazil and South Korea among others.

Healtcare breach

The average breach cost for healthcare fell 10.6%, to US $9.77 million. But that factor wasn’t enough to remove it from the top costliest industry for breaches—a spot it’s held since 2011.

Healthcare remains a target for attackers since the industry often suffers from existing technologies and is highly vulnerable to disruption, which can put patient safety at stake

Now in its 19th year, the report is conducted by IBM Security and Ponemon Institute. It studied 604 organisations globally, including South Africa impacted by data breaches between March 2023 and February 2024.

Download the (PDF) the report here.

ALSO READ: No one immune to cybercrime, not even Ramaphosa