IBM and the Ponemon Institute’s long-awaited 2020 Cost of a Data Breach Report has finally arrived — and with it comes critical insight into the current landscape of cyber security. For the fifteenth consecutive year, IBM and the Ponemon Institute have partnered to analyze the latest breaches at over 500 organizations to uncover trends in cyberattacks and provide insight on data security practices.
From the average cost of a data breach to how you can better protect your organization’s data, here are the most important takeaways from this year’s 2020 Cost of a Data Breach Report.
The Cost of a Data Breach: U.S. Versus the World
First the good news: worldwide, the average cost of a data breach has fallen nearly half a million dollars compared to last year. A data breach of 100,000 records or less now costs about $3.8 million on average, though this figure varies from nation to nation.
Which brings us to the bad news. If your organization is located in the United States, a data breach costs significantly more than in the rest of the world. The average cost of a breach in the U.S. is $8.6 million — twice that of the global average.
How do IBM and the Ponemon Institute define the cost of a data breach? The following factors figure into the total losses:
- Data breach detection and response
- Legal fees, fines and settlement costs
- Cost of victim notification
- Lost revenue
- PR, marketing and sales to regain customer trust
- Increased customer support
As you can see, the losses incurred from a data breach can span years, from the moment of discovery to the time it takes to earn customers’ trust again. With so many costly moving parts, it’s easy to see how even a small breach of under 100,000 records can add up to a multimillion-dollar loss. Meanwhile, mega breaches cost even more: the 2017 Equifax data breach, which exposed 147.9 million records, is estimated to cost Equifax at least $1.38 billion.
COVID-19 and Data Security
The 2020 Cost of a Data Breach Report wouldn’t be complete without factoring in the coronavirus pandemic. From universities to small businesses who are shifting their model to e-commerce, nearly every sector has been forced to move at least some operations online — making their data all the more vulnerable to hackers.
According to Ponemon’s survey, businesses are acutely aware of the threat, with 78% of respondents reporting that remote work would increase the time it would take to identify and contain a data breach. The longer it takes to contain a breach, the more expensive it becomes, and 70% of survey respondents acknowledged that remote work would indeed increase the overall cost.
The Longer the Breach, the Higher the Cost
According to the report, it takes an average of 280 days for an organization to discover and then contain a data breach — that’s nearly an entire year. The number of days a data breach goes undetected is critical. The report shows that if an organization can detect and contain a breach in fewer than 200 days, it saves an average of $1 million in losses.
Most Costly Industries for a Data Breach
The average losses per industry have changed over the last decade, the 2020 Cost of a Data Breach Report reveals. In 2020, the five industries with the highest costs per breach were as follows:
- Healthcare at $7.1 million
- Energy at $6.4 million
- Financial at $5.9 million
- Pharmaceutical at $5.1 million
- Technology at $5 million
Compared to 2015, this list looks quite different. Throughout the last five years, healthcare has remained the most expensive industry for a data breach overall, though the cost fell from $8.6 million in 2015 to $7.1 million today. In 2015, the education and communication industries were among the five most costly for a breach, and they have since fallen down the list.
Top Causes of a Data Breach
Who’s behind the majority of data breaches? The 2020 Cost of a Data Breach Report reveals that just over half of data breaches are the result of hackers. Fifty-three percent of breaches are the result of a malicious attack. Of those cyberattacks, nation-state hackers make up 13% — a significant number, but hardly the majority. The report also shows that hackers are largely motivated by financial gain, with 53% of all malicious attacks attempting to make a profit.
Of malicious attacks, the most common methods of compromise were stolen credentials, cloud misconfiguration, third-party software vulnerabilities and phishing scams.
If hackers are only responsible for half of all breaches, what about the rest? The remaining causes for exposed data are much less nefarious, though no less dangerous. Twenty-three percent of all data breaches were caused by human error, and 25% were caused by a system glitch.
How to Minimize the Impacts of a Data Breach
Perhaps the most important insight from the 2020 Cost of a Data Breach Report is its advice for data security best practices. Here are just a few ways that your organization can minimize the impact of a data breach — read the full report for more details.
- Invest in security orchestration, automation and response (SOAR) to help improve detection and response time.
- Adopt a zero trust security model to help prevent unauthorized access to sensitive data.
- Stress test your incident response plan to increase cyber resilience.
- Use tools that help protect and monitor endpoints and remote employees.
- Invest in governance, risk management and compliance programs.
- Minimize the complexity of IT and security environments.
- Protect sensitive data in cloud environments using policy and technology.
- Use managed security services to help close the security skills gap.
Use P2PE and Tokenization to Devalue Your Organization’s Data
The best way to minimize the impact of a data breach on your organization is by devaluing your data. With tokenization and point-to-point encryption, clear-text data never enters your system, rendering all data useless to potential hackers.
Protect your data from the point of sale. Whether that’s a card reader, call center, kiosk or online storefront, Bluefin has you covered with P2PE and tokenization solutions. To learn more about our data security solutions, speak to a Bluefin representative today.