If there is one thing we have learned in 2022, it’s that everything costs more. Businesses and consumers alike have grown accustomed to the pain – and expense – brought on by supply chain issues and inflation. So, should anyone be surprised to learn that the cost of data breaches has also risen? According to the results of IBM’s Cost of Data Breach Report, the answer is a firm no.
In its 17th year, and a leading benchmark report in cybersecurity, IBM Security publishes the findings conducted by the Ponemon Institute – who studied 537 data breaches across 17 countries and 17 different industries through nearly 3,500 interviews – to determine what organizations spent surrounding a data breach.
The results are alarming and show the average cost of a breach rising to $4.24 million per incident — the highest it has been in over 17 years, and a 10% rise from 2020. Globally, the cost of cybercrime was expected to peak at $6 trillion annually by the end of 2021.
To break down the total cost, the report found four categories that drove the expenditures associated with an organization’s data breach – detection and escalation, notification, post breach response and lost business.
The report findings are solid evidence that cybercrime is thriving, but what has caused the cost of data breaches to soar? That’s the million-dollar question. Here are some of the factors contributing to the rising cost of data breaches and how your organization can help decrease the risk of a cyber-attack.
Why Is the Cost of Data Breaches Increasing?
The rapid shift to online operations due to the global pandemic has had a significant impact on data breaches. In fact, when remote work was indicated as a factor in the event of a breach, the average total cost of a breach was $4.96 million – $1.07 million more on average and 24.2% higher.
Why did it cause such a difference? When businesses quickly implemented a work from home technology approach during the pandemic, many failed to prioritize a secure data environment, exposing themselves to vulnerability. Because of this, many organizations were not prepared to respond to a cyberattack in a timely or efficient manner. On average, surveyed businesses with up to 50% of staff working remotely took at least 58 days to identify and contain data breaches.
Stolen User Credentials
One reason why breach of data costs in 2021 have skyrocketed is because of stolen user credentials. When consumer credentials are stolen during a data breach, hackers can further use that information to launch even more attacks – especially since 82% of individuals reported that they reused passwords across multiple accounts.
Stolen credentials create a compound risk of being both the leading cause and effect of data breaches and are the most common method used as an entry point by attackers.
Compromised credentials, such as email addresses, counted for 20% of data breaches in 2021, with the financial impact of the top four types of attack vectors as follows:
- Business email compromise – $5.01 million
- Phishing – $4.65 million
- Malicious insiders – $4.61 million
- Social engineering – $4.47 million
Cyberattack Response Time
An increase in the average response time to detect and contain a data breach is another contributing factor to the rising cost. On average, it took 212 days to detect a breach and another 75 days to contain it for a total of 287 days to fully respond to a cyberattack. This response time is seven days longer than the previous year’s average.
To break that down by cost, data breaches that were contained within 200 days had an average cost of $3.61 million compared to breaches that took over 200 days, which had a cost of $4.87 million – a difference of $1.26 million.
For the 11th year in a row, the healthcare industry faced extensive operational changes during the pandemic and had the most expensive data breaches out of any industry. Compared to last year, the cost of healthcare sector data breaches increased by $2 million — totaling a cost of $9.23 million per incident in 2021.
Reducing Your Risk for a Cyberattack
Malicious data breaches can cause businesses to lose not only money but also customer trust and important data that may never be recovered. It’s more important now than ever before to implement a security solution that will help mitigate or prevent these cyberattacks.
Regardless of the type of breach, hackers all want one thing – customer data. IBM’s report emphasizes that the use of strong encryption is a key component in mitigating the cost of a data breach.
To reduce your risk of encountering a cyber threat, Bluefin’s encryption and tokenization data security solutions can act as a crucial line of defense against potential hackers. ShieldConex®, Bluefin’s data security platform, utilizes both hardware encryption and vaultless tokenization to not only protect but also devalue your data.
This platform instantly masks PII, PHI, and payment information upon entry through iFrames or APIs, ensuring that the data is not transferred as vulnerable clear text, where hackers could access it in the event of a data breach. And better yet, with the simple, cloud-based implementation, you can start protecting your data in as little as two days with seamless integration that requires no change to the online experience.
Secure Your Data