In November last year, an alarming incident grabbed headlines. Personal data, including credit card details, passport numbers and the dates of birth of up to 500 million guests, had been stolen in a colossal hack of the Marriott International hotel chain. Still, it was only one of the many data breaches that made it to the headlines in the past year. The reality is that as companies continue to digitize, data breaches are becoming more common and more expensive. According to IBM’s 2019 Data Breach Report, the cost of a data breach has increased by 12% over the past 5 years and is now $3.92 million on average.
Conducted by the Ponemon Institute, the study takes a deep dive into the financial consequences of data breaches, and also reports key findings on their root causes as well as security measures that can help reduce their impact.
The increase in data breach costs comes as no surprise. As businesses digitize further and move more and more data to the cloud, they also become increasingly exposed to potential breaches.
The bad news is that the impact of a data breach is not limited to the immediate aftermath of the breach; the report demonstrates that the costs will be felt for years after the incident.
Want to know more about the key takeaways of the data breach report but getting lost among all those numbers?
No worries, we picked out the most interesting learnings you need to know:
1. The cost of a data breach goes way beyond the fine
When it comes to data breach costs, the first thing that often comes to mind is the potential fine the regulator could impose on the company for failing to comply with data protection requirements. However, the report reveals that lost business is the largest category contributing to the total cost of a data breach. $1.42 million was the average cost of lost business for organizations in the study, which amounts to 36 percent of the total average cost of $3.92 million.
2. Breaches originating from malicious attacks are the most common
Malicious cyber-attacks, which are now responsible for 51 percent of breaches, are the most common and most expensive cause of data breaches. However, inadvertent breaches from human error and system glitches are also significant, and amount to nearly half (49 percent) of all data breaches. These can also cost a company millions.
3. Smaller companies pay disproportionately larger costs
As data breaches of large companies keep hitting the headlines, smaller ones might get the impression that a breach can only happen to big organisations. But research shows that nearly 70 percent of SMBs experience cyber-attacks. And when those result in a data breach, small companies incur higher costs relative to their size than larger organizations ($204 per employee for organizations with more than 25,000 employees vs. $3,533 per employee for those between 500 and 1,000 employees). This significantly hinders their ability to recover financially from the incident.
4. Encryption has the greatest impact on reducing breach costs
There are several cost mitigators that can help reduce the cost of a data breach, either preventatively or afterwards. Extensive use of encryption, data loss prevention, threat intelligence sharing and integrating security into the software development process can all play a great role in reducing the data breach cost well below average. However, it’s encryption that seems to have the greatest impact, reducing breach costs by an average of $360,000.
5. Incident response team and plan are great cost-savings amplifiers
Setting up an incident response (IR) team has a major impact on the organisation’s ability to effectively and swiftly react to a breach. Complemented with IR plan testing, the IR team can have greater cost-saving effects than any single security process. The report finds that having an IR team and extensive IR plan testing helped companies save $1.23 million compared to those with no incident response team or previous incident response plan testing.
6. Data breaches are most expensive in the US and in the health care sector
Fitting into a multi-year trend, data breaches in the U.S. are significantly more expensive (total cost of $8.19 million on average, which is more than twice the global average) than in other countries. Also continuing a trend, organizations in the healthcare sector incurred the highest data breach costs: $6.45 million, which is over 60 percent more than the global average of all industries.
These are, in a nutshell, some of the key findings from the Cost of a Data Breach Report. Since the odds of experiencing a data breach are also increasing, it might be time to revisit the security measures and policies you have in place to protect your data in the cloud and mitigate the impact of a potential breach. Since encryption has the greatest impact on reducing data breach costs, you should also look into solutions that keep your data encrypted end to end.