The fact that you're reading this right now means you might have already lost sleep over data breaches. No one can blame you. If your business suffered a data breach, you could just as well say you went through significant financial losses. That's because the impacts of a breach can result in your hard-earned money going down the drain. They are expensive problems to have, and sometimes they're even more expensive to solve.
But how much can a data breach really cost your business? That's what the Ponemon Institute and IBM aim to figure out each year in their Cost of a Data Breach Report. For their 2021 study, they found some very interesting trends and statistics that can shed some light on the main issues and help your business make smarter decisions moving forward.
In this article, we'll help you understand the study's key findings and how you can use those insights to find better solutions. That's because, at ITS, we are firm believers in helping businesses make smart data-driven decisions.
Key Findings from the Cost of a Data Breach Report 2021
The 2021 Cost of a Data Breach Report is now in its 17th year and has become one of the leading benchmark reports in the cybersecurity industry. This year's study revealed a lot of very interesting insights. Take a look below at some of the most valuable ones we found:
The Average Cost of a Data Breach Reached All-Time High
2021 saw the average cost of a data breach hit an all-time high of $4.24 million from $3.86 million in 2020. What's worse is that US companies recorded the highest average cost at $9.05 million per breach.
Lost Business Contributed 38% of Data Breach Costs
Losing the trust of your customers and clients is one of the most devastating impacts of a data breach. According to the study, it contributed to over a third (38%) of the cost of an incident. That adds up to an average of $3.4 million worth of lost business.
The number accounts for a range of costs arising from a data breach. That includes initial business disruption, revenue loss due to downtime, customer loss, and reputational damage.
In almost all cases, preventing a breach is going to be cheaper than containing one.
The Healthcare Industry Recorded the Highest Average Data Breach Costs
The healthcare industry paid the most for data breaches again. The sector has topped the list for the 11th consecutive year since the first study in 2004. What's worse is that the average cost they paid increased by 29.3%, from $7.13 million in 2020 to $9.23 million in 2021.
That brings an important issue to light. If your organization is operating in the healthcare industry, investing in advanced cybersecurity measures is vital.
Customer PII was the Most Common and Most Expensive Type of Record in a Data Breach
According to the study, Customers' personally identifiable information (PII) was compromised in almost half (44%) of all recorded data breaches. That makes it the type of record most often lost or stolen.
In addition, since Customer PII falls under the incidence of data protection regulations, it's also the most expensive type of data compromised in a breach. It hits at an average of $180 per lost or stolen record.
Compromised Credentials were the Most Common Attack Vectors
Protecting your credentials could significantly help reduce your risk of expensive incidents. The study found that in 20% of all breaches, the hackers were able to gain entry by leveraging compromised credentials. That is followed by phishing attempts (17%), cloud misconfiguration (15%), and business email compromise (4%).
While compromised credentials were identified as the most frequent initial attack vectors, they didn't have the highest average cost. The attacks with the highest overall costs were business email attacks, costing businesses an average of $5.01 million.
Consider adding stricter security policies concerning your team's logins. Enforcing password policies and multi-factor authentication are cost-effective ways of reducing breaches caused by compromised credentials.
Businesses are Taking Longer to Detect and Contain Data Breaches
The longer a breach goes under your radar, the more it will cost your business. According to the study, breaches in 2021 often went undetected for an average of 287 days. That's well above the absolute maximum threshold of 200 days to effectively reduce data breach costs.
Organizations that have been able to detect and contain a breach within 200 days had an average cost of $3.61 million. However, incidents that took longer than 200 days had costs that went up to $4.87 million.
There are ways to improve your network's threat detection and response. You can consider implementing security information and event management (SIEM) solutions and endpoint detection and response (EDR) software.
Remote Work Played a Big Factor in Higher Data Breach Costs
Organizations with remote work environments are still finding it hard to contain data breaches. In the study, it was found that organizations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches. That, in turn, resulted in more expensive data breach costs.
The numbers indicate that if your business plans on continuing work-from-home arrangements, your cybersecurity measures need to adapt to that change. Deploying secure cloud solutions, virtual private networks (VPNs), and next-gen firewalls are great options to consider. You can also hire a reliable managed service provider (MSP) to help secure devices remotely.
Organizations with High Compliance Failures Paid Much More
On average, organizations that failed to comply with industry regulations paid $2.3 million more. High-level compliance failures often result in hefty fines, penalties, and even litigation. That all adds up. According to the study, those that suffered such high-level failures had an average cost of $5.65 million. What's worse is that those in stricter regulatory environments continued to accrue costs in later years following a data breach.
Complying with regulations can be a huge investment, but it will pay off in the long run. Try to conduct regular third-party security assessments or hire an MSP to help you solve any compliance issues you might have.
Zero-Trust Strategies and Security AI Significantly Reduced Data Breach Costs
It's not all bad news. The study also found that some solutions were successful in reducing the overall costs of a data breach. Most notably, artificial intelligence (AI), automation, and zero-trust strategies were identified as effective measures to invest in.
For one, AI and automation were able to help organizations lower average costs by as much as 80%. Companies that deployed the solutions paid an average of $2.90 million compared to $6.71 million for organizations that didn't have them. For its part, the research also highlighted that zero-trust approaches helped reduce the cost of data breaches by up to $1.76 million.
While those solutions have proven to be effective, it's important you realize that having the right tools and strategies is only the first step. Employing the right team to manage and make use of those solutions is just as essential.
Ready to Invest in Security to Prevent Data Breaches?
The cost of data breaches has continued to rise in recent years, and it's not showing signs of stopping. If you're worried, you should understand that now is the time to invest in your cybersecurity. Not only can it prevent costly incidents, but it can also grant you some peace of mind.
At ITS, we've spent almost 20 years helping our clients manage and protect their data. If you want to learn how MSPs like us can help your business prevent breaches, check out our article on How Managed IT Protects Data?