Data breaches have garnered extensive attention as businesses of all sizes become increasingly dependent on digital data, cloud computing, and workforce mobility. A data breach can happen to an organization of any size, from small businesses to major corporations, anywhere around the globe. The cost of a data breach is unpredictable in terms of time, resources, and money lost.
Many people, including C-suite executives, consider software programming, network design, and other key competencies the sole concern of “technical people.” However, when you’re accountable for your organization’s technology and/or cybersecurity program, you must be able to convey your department’s needs to the executive team. Unfortunately, the perceived divide between “technical people” and the rest of the company can result in communication mishaps.
Safeguarding your crucial information from potential data breaches is an effective way to protect the company’s reputation, too. Without any security software/tools installed, you’re merely opening the door for hackers and letting them in.
Let’s see how a data breach can affect your company’s growth and how much it will cost.
6 Reasons For A Data Breach
- Human Errors
Human errors are the most common causes of a data breach. The overall statistics reveal that more than half of data breaches are a result of carelessness. This includes situations like sending an email to the wrong recipient or responding to an innocent-seeming request by disclosing confidential information. A simple action that solves this particular issue is taking the time needed to confirm mail recipients carefully.
- Phishing
Often, users get caught by phishing attempts because the malicious links are disguised. Once clicked, a phishing link can compromise the data in a system or network. It’s no wonder phishing accounts for nearly 43% of data breaches worldwide.
- Malicious Cyber Attacks
As the way we live and conduct business continues to become digitized, newer forms of cyberattacks emerge every day. Ransomware, malware, and other forms of virus attacks are further critical causes of data breaches.
- Social Engineering
Tech-savvy people may be aware of the most modern technology hacks and still fail to spot the traps, and hackers tend to target unsuspecting, gullible victims. Targets of social engineering are duped into trading data in return for enticing rewards or other monetary benefits, exposing themselves and their businesses to all sorts of data breaches.
- Weak Passwords
Cracking passwords is often a cakewalk for cyber attackers. Keeping your passwords predictable and weak increases the chances of exposing your online data to identity theft. The stronger your password, the more protected your system will be from hackers and malicious software.
- Outdated Software
Using pirated software or browsers can put you on a hacker’s target list. Your data is also more vulnerable to breaches if you use software or browsers that are not regularly updated or patched.
Average Cost of A Data Breach in 2021
The repercussions of a data breach can be disastrous to any company, including losses ranging from recovery costs to decreased customer trust. Recent research conducted by IBM & the Ponemon Institute reveals the average cost of a data breach in 2021 is US$ 4.24 million. This is a 10% increase in the average cost from 2019. These costs are accelerating at a high rate, particularly for businesses in the US.
Let’s take a closer look at some facts and figures on the cost of a data breach, starting with the Cost of a Data Breach 2021 Report.
6 Key Findings – The Cost of a Data Breach 2021 Report
- The 2021 report records the highest average cost of a data breach in 17 years, at $4.24 million. The average cost varies greatly depending on the industry, with healthcare seeing the highest average costs by a large margin.
Top 5 Industries with the Highest Average Total Cost
– Healthcare Sector – $9.23 million
– Financial Sector – $5.72 million
– Pharmaceuticals Sector – $5.04 million
– Technology Sector – $4.88 million
– Energy Sector – $4.65 million
- Lost business represented the highest cost, accounting for 38% of the average total cost of a data breach, or $1.59 million.
- Breaches with a lifecycle of over 200 days had an average cost of $4.87 million, compared to $3.61 million for breaches with a lifecycle of fewer than 200 days.
- The average time taken for organizations to contain data breaches was 287 days in 2021, 7 days more than in 2020.
- Compromised credentials accounted for 20% of breaches, followed by phishing attempts (17%), cloud misconfiguration (15%), and business email compromise (4%).
- Organizations using AI and automation experienced an 80% lower average data breach cost, a total of $2.90 million compared to $6.71 million in organizations without AI or automation.
Cost Case Study: Cognizant Paid $50-70 million For Restoring “Customer Data”
The Maze group launched a ransomware attack on Cognizant Technology Solutions (CTS) in 2020, causing a disruption of services to the company’s clients. Cognizant confirmed the breach on its website. The company reported it had taken steps to control the incident and informed clients about the cyberattack as well as the measures it was taking to ensure protection and restore the information.
It was a typical ransomware attack. Cybercriminals infected the target company’s system and locked the stored data with a virus, demanding a ransom for restoring the data to a usable state. The personal customer information taken in the heist included names, Social Security numbers, tax identification numbers, financial account information, driver’s licenses, and passport information. In this case, the Maze attackers demanded that Cognizant pay a ransom to prevent them from publishing the breached information online.
Cognizant connected with customers through end-point client software installed on workstations and provided IT services remotely to push out patches, software updates, and other remote services. Yet, the damage was done.
Cognizant also acknowledged that it paid a ransom of $50-70 million to Maze to get the information back in its system. In the aftermath, Cognizant has employed over 300,000 people worldwide, including a large security staff that is building a secure infrastructure to keep its customers’ information safe, and reports $15 billion a year in revenue.
Despite its losses, Cognizant has been able to bounce back, but that is not the case for all companies. In the end, the company could have avoided paying out millions in lost revenue by prioritizing cybersecurity investments and safeguards.
5 Data Breach Safeguards for Your Company
- Develop a Comprehensive Strategy and Test It Regularly – Most of the time, cybersecurity teams react to problems instead of creating a proactive strategy that meets organizational risk tolerance levels. Regular security audits require performing regular penetration tests of the company’s IT infrastructure to ensure the effectiveness of corporate security policies, procedures, and protocols.
- Gain More Visibility Into Your IT Environment – It’s imperative to have a comprehensive and consistent framework for detecting, monitoring, managing, and protecting your network. To protect your organization from cybersecurity threats, you need better network visibility and intelligence. In a constantly changing environment, it’s important to know what’s happening every day so you can be aware, detect an issue, and then prevent it from spreading.
- Train Your Employees Against Cyberattacks – Conduct cybersecurity awareness training for all employees, and run phishing assessments to ensure the training sticks. Creating a security mentality in employees comes from the top.
- Try to Stay More Steps Ahead of the Hackers – Cybersecurity is not a one-and-done activity. A robust security attitude is about consistently identifying, assessing, and remediating security risks and threats across your IT environment. You need to prioritize your security threats and address them if you care about the cost of a data breach.
- Back-Up Your Systems – Ensure your business activities and disaster recovery plans are current and include specific procedures. Upcoming cloud-based high availability disaster recovery (HA/DR) solutions are becoming more attractive because of their resiliency, flexibility, and scalability. Unfortunately, HA/DR solutions aren’t affordable for every company. Ensuring your systems/network are backed up is the most important area of security strategy and planning.