IBM Boosts Its Security Presence as Data Breach Costs Rise
Computing and technology services giant IBM has boosted its presence in the booming computer and information security business today, with a new set of services aimed at fending off attacks and analyzing breaches after they’ve occurred.
IBM today launched its Threat Protection System and a service called Critical Data Protection, which it says are the result of two years of investment and a series of acquisitions, including one last summer for Israel-based Trusteer, which at the time was pegged at nearly $1 billion.
And while IBM doesn’t disclose how much revenue its security services bring in each year, the research firm IDC has ranked it third behind Symantec and Cisco Systems in the security business. According to its annual report, Big Blue grew its overall security business by 19 percent in 2013.
The two services are essentially enhancements to existing efforts. The Threat Protection service builds on technology IBM acquired from Trusteer and Q1 Labs, another acquisition, to block attacks that are getting more sophisticated. And when blocking fails, there are new forensic tools and an expanded global emergency response service.
The second service, Critical Data Protection, is built around the assumption that the most valuable data inside a company — the stuff attackers usually want to steal — generally amounts to about two percent of all the data it has but can account for as much as 70 percent of a publicly traded company’s value.
The trouble is, in many cases companies don’t necessarily know exactly what this data is, where it’s stored, how many copies of it exist and who has access to it. That’s a recipe for trouble because when a hacker gets in, it’s almost always a matter of days or weeks before the attack is discovered, by which time it’s too late.
And about that: IBM’s announcements coincided with the release of some new research from the Ponemon Institute showing that the average cost of a data breach is going up. The organization estimates that the average cost to U.S. companies for every data record stolen is $201, up from $188 in 2013.
It may not sound like much, but when you take into account the average number of records per breach among the 383 companies and government organizations in the survey sample — which was north of 29,000 — it starts to add up quickly. The average total cost per breach among companies surveyed was nearly $6 million. This year’s report also represents a reversal of a trend: The cost per breach had been on the decline in the last few years, it said.
IBM couldn’t have asked for better marketing on Monday: One data breach led to the resignation of Target’s CEO. And with the revelation last month of the Heartbleed vulnerability, it’s likely we’ll be talking about rising breach costs for awhile.