What Is the True Cost of a Data Breach?
Editor's note: This post was originally published on December 31, 2017, and has been revised for clarity and comprehensiveness.
"Data breach" is a scary term. In fact, you've most likely heard it from cyber insurance or cybersecurity companies as they try to alarm you into purchasing their products. But is it really something you should be scared of?
At Intelligent Technical Solutions (ITS), we've seen breaches happening here and there, especially to small and midsize businesses (SMBs). In this article, we'll dive into the facts to gather insights on the true cost of a data breach. That information can help you separate fact from fiction, giving you a more realistic view of the current threat landscape and what that means for your business.
To do that, we'll discuss the following topics:
- How much does a data breach cost?
- How often do data breaches happen?
- How are cybercriminals stealing your data?
How Much Does a Data Breach Cost?
According to IBM's 2022 Cost of a Data Breach Report, the average cost of a data breach in the United States is $9.44 million. That's almost twice the global average of $4.35 million, making it the 12th year in a row that the country has held the title for the highest cost of a data breach. One of the biggest contributors to that massive spike is the healthcare industry, which averaged $10.10 million for a breach in 2022. That's 42% higher than previously recorded.
To be clear, it doesn't mean your SMB will have to shell out $9 million for every breach. That will depend on several factors, like how much data was compromised, how long it took you to detect and respond to the breach, and what industry you're in. But a single breach can carry serious financial consequences like the loss of customers, fines and penalties, customer compensation, lawsuits, and more. Those could push the cost of an incident to thousands, if not millions, of dollars.
That amount might be shocking, but it gets worse. In a time of skyrocketing inflation rates, the study also found that data breaches impact the economy in more ways than one. It revealed that 60% of organizations increased their prices for goods and services to offset the consequences of a breach. That means even if your company didn't suffer an incident, breaches at other organizations could still indirectly affect you.
How Often Do Data Breaches Happen?
Let's put it this way: experiencing a data breach isn't a question of if but when. That notion might seem extreme, but the results of the IBM study back it up. It has become so common that new findings in this year's report revealed an alarming new statistic. It showed that 83% of organizations had experienced more than one data breach in 2022.
That means most businesses experienced not one but several breaches in a single year. Now, factor in what we know about the cost of a breach, and you will understand the gravity of the situation.
How Are Cybercriminals Stealing Your Data?
According to the IBM report, the most common method cybercriminals used to get to your data was using stolen or compromised credentials. They can get those in different ways: through social engineering, phishing, purchasing them from the dark web, or sometimes, by trying out the most commonly used passwords and hoping one sticks.
Not only that, but this attack vector also took the longest time to identify, at 327 days. That means cyber actors could potentially be within your network for almost a year before their activities are discovered, simply by using compromised credentials. Now, imagine how much damage a malicious hacker can do within that amount of time. The report answers that question, too. It found that breaches involving stolen credentials ended up costing $150,000 more than the average data breach.
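One way to shorten that detection time for the password-guessing case described above is to look for a single source failing logins across many different accounts. The sketch below is an added example, not part of the original post or the IBM report; the log format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: timestamp, source IP, username, outcome.
# The line format is an assumption, not taken from any specific product.
SAMPLE_LOG = """\
2022-08-01T09:00:05 203.0.113.7 alice FAIL
2022-08-01T09:00:09 203.0.113.7 bob FAIL
2022-08-01T09:00:14 203.0.113.7 carol FAIL
2022-08-01T09:00:20 203.0.113.7 dave FAIL
2022-08-01T09:00:26 203.0.113.7 erin OK
2022-08-01T09:03:00 198.51.100.4 alice FAIL
2022-08-01T09:03:30 198.51.100.4 alice FAIL
2022-08-01T09:04:10 198.51.100.4 alice OK
"""

def parse(log):
    """Yield (time, ip, user, outcome) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def find_spraying(log, min_users=4, window=timedelta(minutes=10)):
    """Flag sources that fail logins for many different accounts in a short
    window, and record accounts that later log in successfully from them."""
    failures = defaultdict(list)  # ip -> [(time, user)] of failed logins
    alerts = {}
    for ts, ip, user, outcome in sorted(parse(log)):
        if outcome == "FAIL":
            failures[ip].append((ts, user))
            recent = {u for t, u in failures[ip] if ts - t <= window}
            if len(recent) >= min_users:
                alerts.setdefault(ip, {"targets": set(), "compromised": []})
                alerts[ip]["targets"] |= recent
        elif ip in alerts and user not in alerts[ip]["compromised"]:
            # A success from a flagged source suggests a guess worked:
            # reset that password and review the session.
            alerts[ip]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for ip, info in find_spraying(SAMPLE_LOG).items():
        print(ip, sorted(info["targets"]), info["compromised"])
```

The second source in the sample, a user mistyping their own password twice, is not flagged because only one account is involved.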
How to Lower the Cost of a Data Breach
The IBM report doesn't bring all bad news, however. Thankfully, it also found ways to lower the cost of a data breach. Check out how:
1. Create and Test Your Incident Response Plan
According to the report, businesses that had an incident response (IR) team and regularly tested their IR plans saved as much as $2.66 million on average. It's considered one of the most effective ways to mitigate the cost of a data breach. However, most of the businesses that responded (73%) didn't have one, while some (37%) didn't test their plans regularly.
2. Deploy Security Artificial Intelligence (AI) and Automation
The study found that organizations with fully developed security AI and automation technologies saved up to $3 million in breach costs. On average, businesses that don't have security AI deployed experienced up to $6.2 million in losses, while those that do have them were able to cut breach costs in half, spending only $3.15 million.
In addition, security AI and automation significantly lowered the time needed to identify and contain a breach. The study revealed that the average breach lifecycle for a company that has those technologies deployed was 74 days shorter than for those without them.
3. Minimize the Breach Lifecycle
Time saved is similar to dollars saved when it comes to a data breach. According to the IBM study, the average time it took companies to identify and contain a breach was 277 days. Those who can shorten that time to 200 days or less could save an average of $1.12 million.
4. Implement a Zero Trust Security Framework
Zero Trust is a security framework requiring all users, within or outside the organization's network, to be authenticated, authorized, and continuously validated before being granted access to any applications and data. It's a framework that has seen an increase in usage in recent years from 35% in 2021 to 41% in 2022. There's a good reason why it's gaining popularity, too.
According to the IBM study, organizations that do not deploy zero trust architecture incur an average breach cost of $1 million more than those that do. In addition, those with a mature zero trust deployment could lower the costs even more, paying $1.5 million less for a breach.
Are You Ready to Protect Yourself from Data Breaches?
Sadly, the cost of a data breach continues to rise without any signs of slowing down. The only way to protect your organization is by investing in better cybersecurity. Not only can it reduce the cost of a data breach, but it can also help prevent them from happening in the first place.
At ITS, we've spent decades helping our clients manage and protect their data; we can also help you identify the vulnerabilities in your network system. Schedule a free network assessment with us, or you can learn more about data breaches and what you can do about them with the additional resources below: