2021 was a record year for ransomware and data breaches. One of the key findings of IBM’s annual Cost of a Data Breach Report 2021 was how costly data breaches have become for organizations across all industries. 2021 saw attacks leveraged against critical infrastructure, manufacturers, and even the meat-packing industry.
As we close out 2021 and head into 2022, we look at some of the major findings from this year’s report.
The cost of a data breach is up.
2021 saw the highest average cost in the 17-year history of the Cost of a Data Breach Report. The average price of a data breach increased by about half a million dollars, from USD $3.86 million to $4.24 million. At a whopping 9.8%, this was the largest margin of increase in seven years.
The average cost per record stolen also rose substantially, increasing from $141 in 2017 to $161 in 2021, a total of 14.2%.
Remote work drove data breach costs higher.
Since the beginning of shelter-in-place orders in early 2020, working from home proved to be a security challenge for organizations. For example, in data breaches where remote work played a role, the cost in damages was $1.07 million higher than in breaches where working from home was not a factor.
Personally Identifiable Information was the most commonly stolen record.
Of the types of records compromised in data breaches, customer Personally Identifiable Information, or PII, was by far the most common. Found in 44% of all data breaches, consumer PII could include anything from names and addresses to Social Security Numbers and credit card numbers, all of which can cause irreparable damage to a consumer’s identity and finances, not to mention sink the reputation of affected companies.
The second most common type of information stolen was anonymized customer data – data that isn’t personally identifiable but is often used to analyze consumer trends and behaviors. Anonymized customer data was found in 28% of all data breaches.
Ransomware was the most expensive type of data breach.
It’s no wonder ransomware is on the rise. Holding sensitive data and even entire systems for ransom is highly lucrative for cybercriminals – and incredibly costly for organizations. According to IBM, the average ransomware attack cost more than any other type of breach at $4.62 million, not including the additional cost of the ransom itself.
The most common cause of a data breach was compromised credentials.
In 2021, compromised log-ins and credentials were the most popular point of entry for cyber thieves. In total, leaked or stolen account information made up 20% of breaches, costing on average $4.37 million.
Healthcare was hit hardest for the 11th year in a row.
Of all the industries analyzed by IBM, healthcare providers took the hardest hit in 2021, with an average of $9.2 million lost due to data breaches. This may not come as a surprise, as this is the 11th consecutive year that healthcare has taken the top place for the average cost of a data breach. However, losses have climbed significantly since 2020, when the average cost was just $7.13 million.
Protected Health Information (PHI) is a treasure trove of personal and financial information for hackers. In comparison, the second most costly industry was the financial industry at just $5.72 million, followed by pharmaceuticals at $5.04 million, tech at $4.88 million and energy at $4.65 million.
Strong encryption helped reduce costs.
Employing high-quality encryption measures is one of the top mitigators of financial losses, especially when combined with a zero-trust approach to data security. In a study of 25 factors that reduced or increased the total cost of a data breach, high-standard encryption was the third most impactful factor in minimizing damages. On average, strong encryption saved organizations about $1.25 million.
Noncompliance was the top factor of amplified data breach costs.
Organizations that failed to comply with security guidelines accrued the highest average cost of a data breach. Not only do these businesses have to contend with IT costs, loss of consumer trust and other data breach damages, but they also deal with hefty fines, penalties, legal fees, and lawsuits.
On average, a data breach at an organization with a high level of compliance failures cost 51.1% more than one at an organization with low levels – about $2.3 million.
Devalue your data with Bluefin.
A data breach or ransomware attack cannot always be prevented. Organizations have numerous entry points that require perimeter protection to keep the bad guys out, which can be extremely challenging.
What companies in all industries can do, though, is devalue the PII, PHI and payment data that they receive and that they store in their systems through a combination of encryption and tokenization. Both solutions “mask” original data elements so that if your system is breached or held for ransom, hackers will find nothing of value to monetize.
Bluefin is the leading provider of payment and data security solutions to protect organizations globally. Our PCI-validated point-to-point encryption (P2PE) solutions provide the highest level of encryption for omnichannel point-of-sale payments, while our ShieldConex® data security platform immediately tokenizes PII, PHI and payment data entered online. Together, our P2PE and ShieldConex solutions protect every type of data and every point of entry, ensuring that companies do not intake, transmit or store clear-text data.
We can protect your entire organization in 2022. Contact us to learn more.