Has cybersecurity ever been more important than it is right now?
What is a Data Breach?
A data breach is any incident where confidential or personal information has been accessed without permission. Breaches are the result of a cyberattack where criminals gain unauthorized access to a computer system or network and steal the private, sensitive, or confidential personal and financial data of the customers or users contained within.
The U.S. Department of Justice defines a breach as “the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.”
Real Cost of a Data Breach
The global cost of data breaches in 2021 is expected to reach $6 trillion annually. This amount has doubled from $3 trillion back in 2015. On Wednesday, IBM Security released its annual “Cost of a Data Breach” report, which estimates that in 2021 a typical data breach now costs a company $4.24 million per incident, with expenses 10% higher than in 2020 when 1,000 to 100,000 records are involved.
After analyzing data breaches reported by over 500 organizations, together with a survey conducted by Ponemon Institute, IBM says that the “drastic operational shifts” enterprises experienced due to the pandemic, stay-at-home orders, and the need to quickly move processes to remote operation prompted higher costs and made it harder to contain a security incident once it had taken place. In 2020 alone, the United States had the highest cost at $8.19 million, and healthcare had the highest average industry cost at $6.45 million, likely due to the large amount of personal data it holds.
Above all, the report shows the high cost of a breach and the need for organizations to reduce cybersecurity risk and improve their overall security posture. The most common attack vector for enterprises experiencing a data breach was compromised credentials, either taken from data dumps posted online, sold on, or obtained through brute-force attacks.
Data protection, data security and data breach prevention must be part of every organization’s information security policy. The long-tail impact of a data breach can be felt for years after the initial incident.
According to the report, a zero trust approach helped reduce the average cost of a data breach. Just 35% of organizations used a zero trust approach, which aims to wrap security around every user, device and connection. While the average cost of a breach was $5.04 million for those without a zero trust approach, for those in the mature stage of deployment the average cost of a breach was $3.28 million, a 42% cost difference.
Other key facts about the costs of data breaches
- The average time to identify a breach in 2020 was 228 days (IBM), and in 2021 the average was 287 days.
- The average time to contain a breach was 80 days (IBM).
- Data breaches in the healthcare industry were the most expensive, at an average of $9.23 million, followed by financial services at $5.72 million and pharmaceuticals at $5.04 million.
- Among the different types of records, customer personally identifiable information was the most frequently breached and the most expensive, at $180 per record.
- A breach lifecycle under 200 days costs $1 million less than a lifecycle over 200 days (IBM).
- 39% of costs are incurred more than a year after the data breach (IBM).
- A mega breach of 1 million to 10 million records has an average total cost of $50 million, a growth of 22% from 2018 (IBM).
- A mega breach of 50 million records has an average total cost of $392 million, a growth of almost 12% from 2018 (IBM).
It’s time to examine your data breach response plan and try a free risk assessment to see where your vulnerabilities lie.