The expression “knowledge is power” is usually used to convince a student to study or entice a friend to pay attention to current events. But what if we use it to describe something negative? When someone else gains access to your sensitive data, they have power over you.
That is the very possible outcome of a data breach.
Data breaches can happen to companies of all sizes and industries. From malicious attacks to standard user error, there are several ways your data can fall into the wrong hands. But wouldn’t you rather learn from the misfortune of others than experience it yourself?
Luckily, IBM recently came out with its 2021 Cost of a Data Breach Report, which covers how companies handled this form of cyber attack and the repercussions of the breach. From how long it took to identify a breach to the overall cost of the intrusion, this data helps companies learn how to avoid being a target.
Here are eight facts from the report that all companies should be aware of to understand the impact of a data breach and best protect their sensitive data.
Cost difference where remote work was a factor in causing the breach: $1.07 million
Many companies are embracing an indefinite presence of remote work in their business model. While it is a benefit appreciated by many workers and is proven to increase team morale, it does come with unique risks.
When remote work is a factor in a data breach, the overall cost of detecting and fixing the breach runs higher than with a fully in-office team.
Much of this can be attributed to companies that were forced into figuring out a remote work process without much warning. Teams didn’t know how to protect company data to the best of their abilities. Organizations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches than those with 50% or less working remotely – and the longer it takes to identify, the more costly the data breach.
While data breaches are always a risk, don’t write off an indefinite hybrid work model as too risky to develop. Hybrid work teams that have the correct processes, resources and tools available can be efficient and secure.
Consecutive years health care had the highest industry cost of a breach: 11 years
While data breaches impact companies across industries, the health care industry is particularly susceptible to data breaches.
Personal Health Information (PHI) is a valuable type of data to hackers – even more valuable than Personal Identification Information (PII).
On top of that, the health care industry has a large amount of user error data breaches, from accidentally disclosing patient data to losing the devices that house data. This is a dangerous mix that offers a high incentive to hackers, making the health care industry a common target.
The best way for companies in the health care industry to protect themselves against data breaches is to have processes in place for both identifying threats and educating staff on secure data best practices.
Share of breaches initially caused by compromised credentials: 20%
Password best practices seem rudimentary, but the data has proven time and time again that a weak password is a hacker’s jackpot.
While compromised credentials tended to be slightly less costly overall in 2021 compared to other channels for a data breach, they were by far the most common. In comparison, business email compromise was only responsible for 4% of breaches.
This common channel for a data breach can be avoided when a company has best practices scheduled into its processes.
Some of the best practices companies can bake into their processes are:
- Consistent parameters for password strength
- Consistent password updating schedules for all team members
- Setting up 2-factor authentication where possible
The average number of days to identify and contain a data breach: 287 days
The time it takes for companies to identify and fix a data breach is almost ten months. That’s a lot of time for a hacker to wreak havoc and take what they want from your sensitive data. The average number of days is increasing year over year – the average time in 2021 is seven days longer than it was in 2020.
Here is the lifecycle of an average data breach:
- The time it takes to identify a breach: 212 days
- The time it takes to contain a breach: 75 days
The vast majority of that lifecycle is dedicated to simply realizing that a data breach is happening. Companies can significantly cut down on the time it takes to identify a data breach by leveraging multiple powerful cybersecurity practices. Proactive maintenance will keep all applications updated and secure, minimizing the chances for a breach in the first place. 24/7 network monitoring will identify and combat any threats in real time.
The average cost of a breach in hybrid cloud environments: $3.6 million
The average cost of a data breach for companies using a hybrid cloud is $3.6 million. While this seems like a lot, the interesting aspect of this statistic is that this is the lowest cost compared to public, private and on-premise work models.
Here’s another (more optimistic) trend surrounding different cloud types experiencing a data breach: companies that have a mature cloud data storage process catch threatening data breaches 77 days faster than those just starting their journey with the cloud.
The general lesson is that no matter what type of cloud you use to house your sensitive data or how far along you are with your cloud processes, a data breach will be expensive. Whether you need a public, private or hybrid cloud, having a secure space to house your data can make or break the overall strength of your cybersecurity.
The cost difference for breaches with high vs. low levels of compliance failures: $2.3 million
A highly compliant website won’t just save you from costly lawsuits or fines – it can also minimize the financial impact of data breaches.
Low compliance (the failure to follow government laws related to data protection) can look like weak or nonexistent cyber protection or inadequate company policies surrounding the exchange of sensitive data. Some common consequences of lack of data compliance are disclosure of Protected Health Information, breach of payment card data, infringing on data privacy and lack of disaster preparedness. This leaves your most sensitive internal and client data ripe for the picking.
Did you know that the less ADA compliant your website is, the more costly a data breach can be? In the same vein, the more complex your website is, the greater the cost of a data breach.
A low level of compliance with a high level of website complexity is a recipe for a costly data breach.
The global average total cost of a ransomware breach: $4.62 million
The average total cost of a ransomware breach in 2021 was over $4.5 million. This specific type of data breach happens when a hacker can take control of data and hold it hostage until the company pays a ransom to get it back.
This dollar amount can be attributed to the cost of identification, legal fees, IT investments, loss of business, response costs and more – this number does not include the actual ransom. A separate 2021 ransomware survey and report by Thycotic concluded that of companies hit with ransomware in 2021, a whopping 83% of them paid the ransom.
A vicious ransomware attack can shut a business’s doors for good. Powerful ransomware protection can keep data protected with offsite backup options, and 24/7 network monitoring will identify any suspicious activity.
The United States has the highest average total cost of a data breach of any country or region
They say everything is bigger in the United States. Unfortunately, that includes the highest average cost of a data breach by a long shot. Of the top 5 countries with the most costly data breaches (the U.S., the Middle East, Canada, Germany and Japan), the United States surpasses them by over $2 million.
The United States has also experienced a dramatic increase in that number year over year. The average cost of a 2021 data breach is $9.06 million compared to $8.64 million in 2020. With the US average over double that of the global average, powerful cybersecurity resources can be crucial to the longevity of companies in the United States.
MDL Technology can help!
The IBM Cost of a Data Breach Report can be condensed into one major theme: data breaches are only getting more complex, costly and detrimental to companies all over the world. A strong front to protect your internal data from malicious attacks and accidental leaks can save companies time, money and major headaches.
If your company needs to take a closer look at your data protection tools and policies, our team can help. Review our services or reach out today to gain peace of mind around the security of your sensitive data.