Connecting state and local government leaders
It takes government agencies more than 225 days to identify a cyber threat and 92 days to contain it, but AI and automation could significantly reduce that time.
Hackers pulled off one of the largest data breaches in Oregon’s history last month when they accessed 3.5 million drivers licenses and identification cards. State officials became aware of the breach on June 1. Oregonians learned about it two weeks later.
Initially, state officials didn’t have any information about what was stolen—that would take “days of analysis” to determine, according to Michelle Godfrey, spokesperson for the Oregon Driver and Motor Vehicle Services. It would take several more days to ready the resources that state residents would need to monitor their credit reports.
While the event is specific to Oregon, the need for a timely response from hacked agencies is not. Government agencies typically take more than 225 days to identify a cyber threat and 92 to contain that threat, according to a new report from IBM Security. By comparison, researchers found that companies in the private sector take 204 days to identify cyber threats and 73 days to contain them.
When all is said and done, Oregon’s response was quick. But the breach will likely cost the state millions. The average cost of a data breach to public sector agencies is $2.6 million, according to the report. That is far below the nearly $4.5 million average cost globally across all sectors—an all-time high for the report and a 15% increase over the last three years.
The cost of cyberattacks to the public sector was lower than other industries, including health care, which had an average cost of more than $10 million for every data breach, financial services at $5.9 million and the pharmaceutical industry at $4.8 million. The public sector even trailed sectors like entertainment ($3.6 million), media ($3.5 million), hospitality ($3.3 million) and retail ($2.9 million).
The report, which is in its 18th year, analyzed 553 data breaches across 16 countries and in 17 different industries. Researchers found that phishing was the top method by which cybercriminals accessed data at 16%, demonstrating the importance of government agencies to continue training employees on hackers’ latest tactics.
Compromised credentials closely followed as a leading method used by hackers at 15%, while cloud misconfiguration was to blame for 11% of breaches.
As for responding to attacks, IBM found that 19% of public sector agencies make “extensive use” of security driven by artificial intelligence and automation, which can reduce staff workload, increase efficiency and save money. The company found that the approaches could save organizations in the public or private sectors around $1.7 million in data breach costs and 108 days in time identifying and containing a breach.
“With public sector averaging costs of $2.6 million per breach, and these incidents becoming increasingly complex to resolve, it’s more important than ever for CIOs and other government leaders to take proactive steps to invest in security strategies that are shown to reduce risk, increase resiliency and safeguard the sensitive information they collect,” John Dwyer, head of research at IBM X-Force, said in an email.
Across the various industries surveyed by IBM, cloud environments were found to be a rich target for cybercriminals. Researchers found that 82% of breaches involved data stored in public, private or hybrid cloud environments. And only one-third of breaches were identified by an organization’s own security team or tools, which IBM said highlighted “a need for better threat detection” across industries.
In addition to investing in automated security tools, IBM urged organizations across all sectors to build security into every stage of software development and deployment, modernize their data protection practices across the hybrid cloud, and understand their attack surface so they can be better prepared. Dwyer said there is no time like the present to get started.
“The best time to take action is now,” he said, “before a cybersecurity breach happens.”