Data breaches have garnered extensive attention as businesses of all sizes become increasingly dependent on digital data, cloud computing, and workforce mobility. A data breach can happen to any size organization, from small businesses to major corporations all around the digitally constructed globe. The cost of a data breach is unpredictable in terms of time, resources, and money lost. 

Many people, including C-suite executives, consider software programming, network design, and other key competencies the sole concern of “technical people.” However, when you’re accountable for your organization’s technology and/or cybersecurity program, you must be able to convey your department’s needs to the executive team. Unfortunately, the perceived divide between “technical people” and the rest of the company can result in communication mishaps.

Safeguarding your crucial information from potential data breaches is an effective way to protect the company’s reputation, too. Without any security software/tools installed, you’re merely opening the door for hackers and letting them in. 

Let’s see how a data breach can affect your company’s growth and how much it will cost.

6 Reasons For A Data Breach

  • Human Errors
    Human errors are the most common causes of a data breach. The overall statistics reveal that more than half of data breaches are a result of carelessness. This includes situations like sending an email to the wrong recipient or responding to an innocent-seeming request by disclosing confidential information. A simple action that solves this particular issue is taking the time needed to confirm mail recipients carefully.  
  • Phishing
    Often, users get caught by phishing attempts because the malicious links are disguised. Once clicked, a phishing link compromises all the data in a system or network. It’s no wonder phishing accounts for nearly 43% of data breaches worldwide.
  • Malicious Cyber Attacks
    As the way we live and conduct business continues to become digitized, newer forms of cyber-attacks emerge every day. Cyberattacks such as ransomware, malware, and other forms of virus attacks are other critical causes of a data breach.
  • Social Engineering
    Tech-savvy people are aware of the most modern technology hacks, but can still fail to spot the traps, and hackers tend to target unsuspecting, gullible victims. Targets of social engineering are duped into trading data in return for enticing rewards or other monetary benefits, exposing themselves and their businesses to all sorts of data breaches.
  • Credentials
    Cracking passwords is often a cakewalk for cyber attackers. Keeping your passwords predictable and fragile increases the chances of exposing your online data to identity theft. The stronger your password, the more protected your system will be from hackers and malicious software.
  • Outdated Software
    Using pirated software or browsers can put you on a hacker’s target list. Your data is also more vulnerable to data breaches if you are using software or browsers that are not regularly updated or patched.

Average Cost of A Data Breach in 2021

The repercussions of a data breach can be disastrous to any company, including losses ranging from recovery costs to decreased customer trust. Recent research conducted by IBM & the Ponemon Institute reveals the average cost of a data breach in 2021 is US$ 4.24 million. This is a 10% increase in the average cost from 2019. These costs are accelerating at a high rate, particularly for businesses in the US.

Let’s take a closer look at some facts and figures on the cost of a data breach, starting with the Cost of a Data Breach 2021 Report.

6 Key Findings – The Cost of a Data Breach 2021 Report

  1. 2021 reports the peak average cost of a data breach in 17 years, with a total of $4.24M. The average cost varies greatly depending on the industry, with healthcare seeing the highest average costs by a large margin.

Top 5 Industries with the Highest Average Total Cost
– Healthcare Sector – $9.23 million
– Financial Sector – $5.72 million
– Pharmaceuticals Sector – $5.04 million
– Technology Sector – $4.88 million
– Energy Sector – $4.65 million

  2. Lost business represented the highest cost, accounting for 38% of the average total cost of a data breach, for a total of $1.59 million.
  3. Breaches with a life cycle of over 200 days had an average cost of $4.87 million compared to $3.61 million for breaches with a life cycle of fewer than 200 days.
  4. The average time taken for organizations to contain data breaches was 287 days in 2021, 7 days more than in 2020.
  5. Compromised credentials accounted for 20% of breaches, followed by phishing attempts (17%), cloud misconfiguration (15%), and business email compromise (4%).
  6. Organizations using AI and automation experienced an 80% lower average data breach cost, a total of $2.90 million compared to $6.71 million in organizations without AI or automation.

Cost Case Study: Cognizant Paid $50-70 million For Restoring “Customer Data”

Maze Group launched a ransomware attack on Cognizant Technology Solutions (CTS) in 2020, causing a disruption of services to the company’s clients. Cognizant has confirmed the breach on its website. The company reported it had taken steps to control the incident and informed clients about the cyberattack as well as the measures it was taking to ensure protection and restore the information.

It was a typical ransomware attack. Cybercriminals infected a target company’s system and locked the stored data with a virus, demanding a ransom for restoring the data to a usable state. The personal customer information taken in the heist included names, Social Security numbers, tax identification numbers, financial account information, driver’s licenses, and passport information. In this case, the Maze attackers demanded that Cognizant pay a ransom to keep them from publishing the breached information online.

Cognizant connected with customers through end-point client software installed on workstations and provided IT services remotely to push out patches, software updates, and other remote services. Yet, the damage was done. 

Cognizant also acknowledged that they have paid a ransom of $50-70 million to Maze to get the information back in their system. In the aftermath, Cognizant has employed over 300,000 people worldwide, including a large security staff that is building a secure infrastructure to keep its customers’ information safe and reports $15 billion a year in revenue.

Despite its losses, Cognizant has been able to bounce back, but that is not the case for all companies. In the end, the company could have avoided paying out millions in lost revenue by prioritizing cybersecurity investments and safeguards.

5 Data Breach Safeguards for Your Company

  • Develop a Comprehensive Strategy and Test It Regularly – Most of the time, cyber security teams react to problems instead of creating a proactive strategy that meets organizational risk tolerance levels. Regular security audits require performing regular penetration tests of the company’s IT infrastructure to ensure the effectiveness of corporate security policies, procedures, and protocols.
  • Gain More Visibility Into Your IT Environment – It’s imperative to have a comprehensive and consistent framework for detecting, monitoring, managing, and protecting your network. To protect your organization from cybersecurity threats, you need better network visibility and intelligence. In a constantly changing environment, it’s important to know what’s happening every day so you can be aware, detect an issue, and then prevent it from spreading.
  • Train Your Employees Against Cyberattacks – Conduct cybersecurity awareness training for all employees and also enact phishing assessments to ensure training sticks with employees. Creating a security mentality in employees comes from the top. 
  • Try to Stay More Steps Ahead of the Hackers – Cybersecurity is not a one-and-done activity. A robust security attitude is about consistently identifying, assessing, and remediating security risks and threats across your IT environment. You need to prioritize your security threats and address them if you care about the cost of a data breach.
  • Back-Up Your Systems – Ensure your business activities and disaster recovery plans are current and include specific procedures. Upcoming cloud-based high availability disaster recovery (HA/DR) solutions are becoming more attractive because of their resiliency, flexibility, and scalability. Unfortunately, HA/DR solutions aren’t affordable for every company. Ensuring your systems/network are backed up is the most important area of security strategy and planning.  

Nichole Kelly