There have been a myriad of research studies attempting to come up with the “cost” of a data breach. The most recent, released by AT&T, estimates that it costs organizations $3.6 million to recover from a data breach.

The AT&T team surveyed 700 IT professionals in all industry sectors, and found that the biggest risks to organizations continue to be malware, viruses and worms, unauthorized access to corporate data, and ransomware.

The AT&T cybersecurity insights report, entitled “Mind the Gap: Cybersecurity’s Big Disconnect,” found that IT professionals face skills gaps in threat prevention, threat detection and threat analysis. Further, and frankly, disappointing, was that only 61 percent of organizations require security awareness training for all of their employees. We have been urging clients to provide security awareness education to employees, especially in light of the increase of malware and ransomware attacks against companies through phishing campaigns.

True to predictions in the data security industry, the Report found that employee devices accounted for 51 percent of all data breaches, followed by IoT devices, which accounted for 35 percent of data breaches and then compromised third-party credentials (34 percent). These findings emphasize the importance of including bring your own device programs, IoT and third party and vendor management program in your enterprise wide risk management program.