
Annual Data Breach Survey Report 2023

Cost of a Data Breach Report 2023
Executive Summary

An independent study of 553 organizations affected by a data breach between March 2022 and March 2023, benchmarked across 16 countries and 17 industries, together with recommended best practices for data security protection.

Cost of a Data Breach Report 2023
Launch Date: July 24 2023

Offers a detailed investigation of factors that influence financial impacts to organizations. Organizations can learn what security measures can mitigate costs.

• #1 marketing asset for responses and revenue year over year
• Proprietary research, credible with buyers
• 3,475 interviews, 550+ breaches analyzed
• 16 countries/regions, 17 industries, 18th year

Client Facing Webinar: ibm.biz/breach-webinar
Tues, Aug 1, 2023 11:00 AM EST
The Cost of a Data Breach 2023: Insights, Mitigators and Best Practices

IBM Security | © 2023 IBM Corporation


Data breach cost by industry
Industries ranked by cost

1. Healthcare – USD 10.93 million
2. Financial – USD 5.90 million
3. Pharmaceuticals – USD 4.82 million
4. Energy – USD 4.78 million (+1)
5. Industrial – USD 4.73 million (+2)
6. Technology – USD 4.66 million (-2)
7. Services – USD 4.47 million (-1)
8. Transportation – USD 4.18 million (+5)
9. Communications – USD 3.90 million (+3)
10. Consumer – USD 3.80 million (-1)
11. Education – USD 3.65 million (-1)
12. Research – USD 3.63 million (-4)
13. Entertainment – USD 3.62 million (-2)
14. Media – USD 3.58 million (+1)
15. Hospitality – USD 3.36 million (+1)
16. Retail – USD 2.96 million (-2)
17. Public sector – USD 2.60 million

Legend:
– Average breach cost increased year to year
– Average breach cost decreased year to year
– +/- indicates movement of rank

USD 10.9M: average data breach cost and loss in the Health industry. 1st highest cost of the 17 industries studied; 84% higher than the USD 4.45M global average.

USD 4.82M: average data breach cost and loss in the Pharmaceuticals industry. 3rd highest cost of the 17 industries studied; 8% higher than the USD 4.45M global average.


Health industry

Key statistics
USD 10.9M: average cost of a data breach in the Health industry
1st highest cost of the 17 industries studied; 84% higher than the USD 4.45M global average
34%: percentage of health organizations with extensive use of security AI and automation
USD 850,000: cost savings of fully deployed security AI and automation versus the global average cost of a breach

Root causes of a data breach (Health industry)
Malicious attack, IT failure and human error, with pie chart shares of 56%, 24% and 20%

Time to identify and contain
Health industry: 231 days to identify, 92 days to contain
Global average: 204 days to identify, 73 days to contain

Global highlights
Top 3 initial attack vectors (percentage of all breaches):
Phishing 16%
Compromised credentials 15%
Cloud misconfiguration 11%

USD 332M: average total cost of a breach of > 50M records
USD 5M: average cost of a ransomware-related breach
USD 1.5M: average cost savings with incident response (IR) teams and testing versus no IR teams or testing


Pharmaceuticals industry

Key statistics
USD 4.82M: average cost of a data breach in Pharmaceuticals
3rd highest cost of the 17 industries studied; 8% higher than the USD 4.45M global average
40%: percentage of pharmaceutical organizations with extensive use of security AI and automation
USD 850,000: cost savings of fully deployed security AI and automation versus the global average cost of a breach

Root causes of a data breach (Pharmaceuticals industry)
Malicious attack, IT failure and human error, with pie chart shares of 45%, 28% and 27%

Time to identify and contain
Pharmaceuticals industry: 189 days to identify, 66 days to contain
Global average: 204 days to identify, 73 days to contain

Global highlights
Top 3 initial attack vectors (percentage of all breaches):
Phishing 16%
Compromised credentials 15%
Cloud misconfiguration 11%

USD 332M: average total cost of a breach of > 50M records
USD 5M: average cost of a ransomware-related breach
USD 1.5M: average cost savings with incident response (IR) teams and testing versus no IR teams or testing


Data breach cost, frequency and threat distribution
Average cost and frequency of data breaches by initial attack vector

(Scatter chart: vertical axis is average breach cost in USD millions, 3.50 to 4.90; horizontal axis is threat frequency as a share of breaches, 0% to 18%. Only the average cost per vector is listed below.)

Initial attack vector – average cost (USD millions)
Malicious insider – 4.90
Phishing – 4.76
Business email compromise – 4.67
Stolen or compromised credentials – 4.62
Social engineering – 4.55
Accidental data loss or lost or stolen device – 4.46
Unknown (zero-day) vulnerability – 4.45
Known unpatched vulnerability – 4.17
Physical security compromise – 4.10
Cloud misconfiguration – 4.00
System error – 3.96

Chart annotations:
1. Accidental or intentional data loss: a pervasive data threat
2. Phishing intrusion: the most frequently occurring data threat
3. Malicious insider: the costliest data threat
Four key security recommendations
Recommendations

1. Build security into every stage of software development and deployment—and test regularly
• Adopt a DevSecOps approach (the practice the 2023 report identifies as the most effective at reducing data breach costs) to integrate security into the organization's tools and platforms from the initial stage.
• Application developers should apply secure-by-design and secure-by-default principles from the earliest phase of digital transformation programmes to keep systems secure.

2. Modernize data protection across hybrid cloud
• 82% of data breaches involved cloud environments, and 38% of those spanned multiple environments, so visibility into and security control over data access activity across hybrid cloud should be a top priority.
• Use a data activity monitoring solution to enforce data access controls and monitor any suspicious data exfiltration activity in real time, applied uniformly across databases, applications and services to protect data access and meet compliance requirements.

3. Use security AI and automation to increase speed and accuracy
• Only 28% of organizations make extensive use of AI and automation in security operations, leaving substantial room for improvement; extensive adoption of AI and automation can significantly reduce security operations costs and speed up both breach identification and overall threat response.
• Adopting security tools with pre-integrated, embedded AI and automation improves the overall effectiveness of threat detection, response and investigation.

4. Strengthen resiliency by knowing your attack surface and practicing IR
• Use attack surface management (ASM) tools to continuously assess overall system risk and potentially exploitable vulnerabilities from an attacker's perspective, maintaining an up-to-date picture of the attack risks relevant to the industry and the organization.
• Establish an incident response (IR) plan, rehearse and test it regularly, and consider building or hiring a professional security team to speed up overall incident response.


Delivering security that moves with your business

IBM Security at a glance

Global enterprise security provider
– Recognized leadership in 17 security domains
– More than 8,500 employees across 130 countries and regions, including 1,000 world-class hackers, forensic specialists, researchers and analysts with decades of experience
– 23 security acquisitions over 23 years

Hybrid cloud and AI security leader
– Threat Management
– Data Security
– Identity and Access
– Fraud Protection
– Strategy, Risk and Compliance
– Cloud Security Services

Trusted advisor to thousands of clients
– Security consultancy
– Managed security services provider
– Technology provider
Customer Case Study – Singpass

Singpass is every Singapore resident's trusted digital identity, as well as a platform that bridges access to over 700 government agencies and private sector services. From checking your CPF, to renewing insurance policies, and signing digitally on documents, we have developed a suite of services and features to bring convenience to the everyday lives of citizens.

Customer Case Study – Singpass – Technical Details
• Industry: Government Agencies
• Location: South East Asia
• Services offered: Identity & Access Management Automation
• Number of Users: 4 million+ users
• Services used by: All government agencies, banking and insurance
• Client requirements: As part of Smart Nation initiatives, the customer wanted to modernize their national identity system by deploying in AWS and leveraging cloud native services. The system plays a crucial role in the country's digitalization strategy, allowing citizens and residents to securely access a multitude of governmental and private-sector services online.

Solution:
The IBM Security Verify solution was chosen as the platform to serve as the digital identity system, allowing users to access a variety of government services online using a single set of login credentials. The solution provides Two-Factor Authentication (2FA), Identity Federation using the SAML/OIDC standards, and Session Management.

Benefits:
Efficiency: The solution reduces the need for multiple sets of credentials for different services, streamlining digital interactions.
Security: With features like 2FA and Adaptive Access, the solution ensures that users' identity is secure.
User-Centricity: By continuously incorporating feedback and updating its features, the solution provides an ever-evolving, user-centric digital experience.
Healthcare – GCG
UFH – United Family Healthcare
Build an industry-leading Security Operation Center platform to boost threat protection and compliance in a distributed environment

Business Challenge:
The client is a typical distributed IT environment, with multiple sites in six major cities. The client faces cybersecurity risk for its massive volume of sensitive data as well as out-of-date systems running in clinics. The client wants to meet compliance requirements, gain holistic security posture visibility, and have a unified threat management capability to correlate all sites and better protect critical applications and data.

Solution:
IBM Security QRadar SIEM is a threat management platform that enables intelligent security analytics for insight into your most critical threats and provides real-time security posture. After ingesting multiple data sources such as security devices and identity management, it has out-of-the-box analysis capability to quickly detect threats, evaluate the risk, and prioritize the threats to support threat investigation quickly and effectively. QRadar SIEM also provides templates for various audit reports, and supports customizable dashboards that give the management team and the operations team different views, including holistic security posture and actionable insights, to help the client build an industry-leading SOC with limited resources.

Outcomes:
1. Gain comprehensive security posture and insights of the distributed environment
2. Reduce thousands of events into manageable and prioritized security offenses
3. Rich OOTB rules and models to enable quick implementation and reduce skill requirements
4. Integrated with MITRE ATT&CK to use a consistent security framework to evaluate threat risks
5. Open framework to easily integrate with 3rd party tools to maximize existing investment value
6. Centralized security log management to meet compliance requirements

Solution Components:
• QRadar SIEM
• QRadar Apps like UBA etc.

© 2022 IBM Corporation


Healthcare

Hospital das Clínicas de Ribeirão Preto
Protecting patient data by assessing vulnerabilities

Business challenge
Hospital das Clínicas de Ribeirão Preto (HCRP) had limited visibility into the maturity of its security posture, hampering its ability to protect highly sensitive patient data. HCRP sought a reliable security consultant to assess its IT environment for vulnerabilities and provide recommendations for remediation.

Transformation
HCRP engaged IBM Security Services to provide a comprehensive cybersecurity assessment of its IT environment. After reviewing and analyzing the infrastructure, the IBM team provided the hospital with a list of recommendations intended to eliminate vulnerabilities. The recommendations covered areas such as social media, cloud security, data privacy and user-authentication processes.

Business benefits
Gained full visibility into security vulnerabilities across the IT infrastructure.
Improved security posture by addressing vulnerabilities identified by the assessment.
Increased protection of patient data and critical assets from internal and external threats.

Solution components
•IBM Security Services
•Cyber Security Assessment and Response
•Data and Application Security

Hospital das Clínicas de Ribeirão Preto (HCRP) is a teaching hospital in Ribeirão Preto, Brazil. It provides a population of approximately 2.5 million people with a wide array of healthcare services. Operating as a tertiary hospital, it employs doctors that are trained in all medical specialties and medico-surgical services. Founded in 1952, HCRP has more than 500 beds.

© 2018 IBM Corporation
Healthcare

Pharmacy-benefits-management company
Remediates audit deficiencies and avoids legal action

Business challenge
During an annual audit, this pharmacy-benefits management company uncovered IT security and IT change management deficiencies that were not in adherence with section 404 of the Sarbanes-Oxley Act (SOX). The company sought a reliable IT provider that could help it remediate these issues and provide guidance to improve identity and access management processes overall.

Transformation
IBM consultants with deep expertise in healthcare, internal controls and regulatory compliance helped the company resolve the audit deficiencies and address security weaknesses. This work included revalidating user access accounts, removing inappropriate and unneeded user-access accounts and strengthening application change-control procedures that could affect data security overall.

Business benefits
Improved internal controls. Helped the company quickly address two material internal-control deficiencies, reducing the potential financial impact.
Addressed compliance. Avoided legal action and increased regulatory scrutiny.
Gained new insight. Gained insight from experts on how to modernize identity and access management processes.

Solution components
•IBM® QRadar® Security Intelligence Platform
•IBM Security Services – Application and Data Security
•IBM Security Services – Cyber Security Assessment and Response
•IBM Security Services – Identity and Access Management
•IBM Security Services – Security Strategy Risk and Compliance

This US-based company provides pharmacy-benefit-management software and services to the healthcare-benefits-management industry. The company serves many large organizations in the pharmaceutical supply chain, including employers, government agencies, health plans and retail pharmacy chains. Founded in 1993, the company employs nearly 5,000 people and generates annual revenue of almost USD 22 billion.
Healthcare

Florida Health Care Plans
Small insurer gets help assessing and securing its payment card environment

Business challenge
Florida Health Care Plans Inc. (FHCP) operates a network of medical and retail locations that accept credit and debit cards for payment. Prior to its acquisition by the Florida Blue Cross Blue Shield organization, FHCP was a small organization and lacked the ability to sufficiently assess and secure its payment environment on its own.

Transformation
FHCP engaged IBM Security Services to provide security consulting focused on internal vulnerability scanning, database security, e-commerce security, and penetration testing for Health Insurance Portability and Accountability Act (HIPAA) and PCI compliance. The IBM team advised the client to deploy security controls and solutions to increase security visibility and responsiveness in its cardholder data environment. The team also provided PCI gap assessments and completed required reports.

Business benefits
Boosted overall security posture and its ability to address PCI DSS requirements.
Received completed compliance documents.
Positioned to avoid potential fees and fines for non-compliance with data security standards.

Solution components
•IBM Security Strategy Risk and Compliance Services
•PCI compliance advisory services

Florida Health Care Plans Inc. (FHCP), headquartered in the US in Holly Hill, Florida, is a health insurance company that provides healthcare coverage and medical services to groups and individuals. FHCP operates locations in the state in Daytona Beach, Titusville and other cities. The company works to set the standard for, and maintain, high-quality managed healthcare at a reasonable cost.
Healthcare

Infirmary Health System
Gains meaningful use dollars with improved security and audit reporting

Business challenge
Infirmary Health System needed to automate and strengthen security and endpoint management to better protect Electronic Health Record (EHR) data and meet HIPAA and federal meaningful use requirements. The IT team found it difficult to meet guidelines using point technologies and manual processes for patching more than 4,000 workstations.

Transformation
Working with ESM Technology, the organization deployed a comprehensive security solution from IBM that helps staff secure endpoints and better detect and respond to threats across the organization. The solution helps it meet all requirements for data security and easily demonstrate compliance for federal incentives.

"We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance."
Chief Information Officer

Business benefits
Improved compliance. Went from an average of 40 percent patch compliance to 90 percent.
Reduced risk. Has comprehensive and near real time visibility into offenses and threats.
Reduced costs. Reduced endpoint licensing costs and reduced time to deploy software by 95 percent.

Solution components
•IBM® BigFix® Compliance
•IBM BigFix Inventory
•IBM BigFix Lifecycle
•IBM BigFix Patch
•IBM BigFix Protection
•IBM QRadar® Log Manager
•IBM QRadar SIEM
•Solution delivered by IBM Business Partner ESM Technology

This large non-government healthcare system in Alabama treats more than 100,000 patients annually. The organization includes three acute-care hospitals, three rehabilitation hospitals, three outpatient facilities and more than 30 medical clinics.
Healthcare

Medical device company
IBM Security helps a healthcare company expand globally

Business challenge
A US-based healthcare technology company has experienced rapid growth across Eastern Europe, Asia and South America, resulting in the need for increased security. The client sought a security partner with the depth and breadth of an end-to-end software and services portfolio.

Transformation
The company engaged IBM to implement an intrusion protection system (IPS) solution with managed services, enabling it to focus on core business initiatives and to scale more quickly. In addition, the implementation of an IPS formed the solid first step of its proactive security posture. With an effective IPS and the benefit of managed security services, the client is poised to execute its security strategy more effectively.

Business benefits
Increased security. Protects business-critical assets—such as networks, servers, endpoints and applications—from malicious threats.
Reduced complexity. Reduces cost and complexity by consolidating point solutions and integrating with other security tools.
Business growth. Stronger security posture helps enable international growth.

Solution components
•IBM® Security Network Intrusion Prevention System
•IBM Managed Security Services

This global medical device company develops and markets industry-leading innovative products that help dental professionals achieve the clinical results they expect and deliver cutting-edge options to their patients.
Healthcare

University health center
Strengthening its security posture with in-depth global intelligence

Business challenge
With sensitive personal health information and research intellectual property housed on its networks, this university health center's infrastructure presented a high-profile target. The security staff wanted to more quickly identify and respond to potential threats to better protect patient information and network operations.

Transformation
Working with IBM and IBM Business Partner Trend Micro, the health center implemented a sophisticated security intelligence platform that helps it detect and respond to attacks that would otherwise get lost in the "noise." Advanced analytics and anomaly detection help turn event data into actionable insight. The integrated solution also helps uncover malware-driven attacks and evasive threats such as zero-day malware.

"We can identify threats as they emerge and act quickly so we can stop them very early on, before they can do any damage."
Senior Security Analyst, Center of Surveillance and Security

Business benefits
Thwarted attacks. The platform analyzes 700 events per second, correlating network noise into a coherent story that helps staff identify and stop approximately 5 events a year.
IT collaboration. Information collected can help IT staff improve network performance and availability.
Patient care. Monitoring biomedical equipment critical to human life and confirming its availability is an added benefit.

Solution components
•IBM® QRadar® Security Intelligence Platform
•IBM QRadar SIEM
•IBM QRadar Risk Manager
•IBM QRadar Vulnerability Manager
•Solution delivered by IBM Business Partner Trend Micro

This university health center is one of the world's foremost academic health organizations. Each year, it treats almost 40,000 inpatients and realizes more than 700,000 ambulatory visits while performing almost 35,000 surgeries. It also operates a leading medical and life sciences research facility.
Healthcare/Life Sciences

Biomedical company
Enhances ability to address security emergencies

Business challenge
The company needed technology that would enable its limited security staff to monitor and react to threats to their global business operations. The client had been addressing the internal security functions within separate IT silos with limited skilled manpower. The client wanted a more comprehensive, integrated approach that would strengthen its overall security posture.

Transformation
The client sought a partner with the experience and personnel to help them meet their security objectives. The solution provided powerful analytics and context that helped the client's staff to detect threats faster, identify vulnerabilities, prioritize risks, perform forensics analysis and automate compliance activities.

Business benefits
Reduced risk. Enhanced ability to address security emergencies and daily access to security expertise.
Met budget requirements. Cost-effective staff augmentation.
Improved decision making. Access to valuable security intelligence for better, more informed decisions about high-priority threats.

Solution components
•IBM® QRadar® Security Intelligence Platform
•IBM Managed Security Services

Based in the US, this industry-leading company researches, develops, manufactures and markets biotherapies that are used to treat serious and rare conditions. Users of their therapies around the globe rely on them for their quality of life and, in many cases, for life itself. It employs more than 14,000 people worldwide.
