There’s no question that data breaches are becoming more and more costly and common with every passing year. Just look at last year’s ransomware attack that shut down the Colonial Pipeline, the largest fuel pipeline in the U.S., until a $4.4 million ransom was paid. Or how the world’s largest meat producer, JBS Foods, paid an $11 million ransom to hackers following a cyber attack.
But it’s not just high-profile companies with deep pockets suffering from the rapid increase in data breaches. The risk of a data breach exists for companies of any size and industry. According to the annual Cost of a Data Breach Report from IBM, based on research conducted by Ponemon Institute, the average cost of a data breach increased to $4.35 million in 2022. The latest figure, a new all-time high for data breach costs, is a 12.7% increase over 2020’s average of $3.86 million.
While every business can be a victim of a data breach, the type of threat will vary based on location, company size, and industry. So while a small business selling skincare products may not have the same cybersecurity threat level as the Colonial Pipeline, the risk is still very much there.
So how can businesses protect themselves against data breaches and the costly fallout? It all starts with having an awareness about the various factors that contribute to data breach costs.
What Is a Data Breach?
The first step in protecting your business against data breach costs? Understanding what a data breach is.
A data breach is a security incident where an unauthorized party accesses an organization’s confidential, protected, or sensitive information. For example, a breach could involve the theft of sensitive data such as personally identifiable information (credit card numbers, Social Security numbers, personal health information, etc.), passwords, financial accounts, or proprietary corporate data.
Cybercriminals are constantly finding new ways to access restricted information. Distributed denial of service (DDoS), ransomware, malware, phishing and social engineering, and zero-day attacks are just some of the methods they use to target a company’s data.
While most people think of data breaches as being caused by a hacker sitting in a dark basement somewhere in front of 15 monitors, the real source of most breaches is much closer. That’s because a lot of breaches aren’t the result of a sophisticated hacking scheme and instead are due to an error made by a company’s employee. According to the IBM report, unintentional human errors account for 21% of breaches as of 2022.
What’s more, it’s also possible to be susceptible to a breach through a compromised business partner, with supply chain attacks causing 19% of reported breaches.
The Rising Global Cost of Data Breaches
It’s no surprise that the exploding cost of data breaches goes hand-in-hand with the growing occurrence of cybercrimes. According to the Identity Theft Resource Center’s 2021 Data Breach Report, there were 1,862 data breaches, a staggering 68% increase compared to 2020. Plus, the Cost of a Data Breach Report found that 83% of organizations have experienced more than one data breach.
While the IBM report found the average total cost for a data breach in 2022 to be $4.35 million, the average expense of a ransomware attack is now $4.54 million – and that doesn’t even include the actual ransom cost.
And the figures get more troublesome when looking at the average totals for individual countries or regions. The U.S. ranked as the costliest country for a data breach, with an average cost of $9.44 million. The Middle East had the second highest average total cost with $7.46 million, followed by Canada in third with $5.64 million.
Costliest Industries for Data Breaches
As we noted earlier, the threat of a breach is relevant to all industries, but some sectors are favorite targets of cybercriminals.
For companies considered to be critical infrastructure, meaning financial services, technology, energy, transportation, healthcare, industrial, communication, or public sector industries, the average data breach cost reached $4.82 million in 2022, according to IBM’s report. In fact, that total is $1 million more than the average cost for companies in other industries, a difference of 22.9%.
When looking at individual industries, healthcare has routinely been the costliest for data breaches, with an average total of $10.10 million in 2022. Next up on the list is financial services with an average of $5.97 million, followed by pharmaceuticals ($5.01 million), technology ($4.97 million), and energy ($4.72 million).
What’s the Impact of Remote Work on Data Breach Costs?
As with basically everything else, the COVID pandemic, and, in turn, the rise in remote work, has had an impact on data breaches. In its report, IBM noted a “strong correlation” between the cost of a data breach and remote working.
That strong correlation is likely because remote working has become a hacker’s dream come true. Cybersecurity vulnerabilities have intensified tenfold since remote working picked up steam thanks to employees accessing information on unprotected home networks, transferring data between business and personal devices, using weak passwords, and being distracted.
For organizations with the majority of employees working remotely, the average cost of a data breach was $5.10 million. In comparison, organizations with less than 20% of employees working remotely had an average data breach expense of $3.99 million.
There is also a cost difference when remote work is a factor in causing a data breach. Among companies that indicated remote work played a role in a data breach, the average cost of a breach was $4.99 million. But when remote work didn’t contribute to a data breach, the average cost was $4.02 million.
Of course, despite these findings, remote work is here to stay. So here’s hoping more organizations will invest in cybersecurity measures to protect against a data breach in order to fully reap the benefits of a remote workforce.
How to Reduce Data Breach Costs
Now that you know the potential cost of a data breach, what can you do to reduce that expense? There are actually some simple steps that can have a significant impact, like limiting who has access to confidential files, implementing regular software updates, using multi-factor authentication, and mandating that employees use unique passwords and change them a few times a year.
Implementing training and testing for employees can also ensure everyone stays up to date on your company’s cybersecurity protocols. If you already have cybersecurity training, make sure that it’s taking place at least twice a year (though quarterly would be even better). Keep in mind that cybercriminals are constantly getting creative with ways to access data, so make sure the training is regularly reviewed and updated to remain relevant.
It’s also essential to prepare for what your business will do if it becomes the victim of a data breach. According to the IBM report, having an incident response team and a tested plan leads to major cost savings. Businesses with a team that regularly tested their incident response plan saw average data breach costs $2.66 million lower than organizations without an incident response team and plan – that’s a massive 58% difference.
But even the most rigorous cybersecurity plans and practices aren’t foolproof against cybercrime. That’s why most businesses would benefit from investing in a cyber insurance policy with data breach inclusion. A cyber insurance policy will allow you to transfer the risks and costs of a data breach to your insurer. Not sure if another insurance policy is worth the expense? Consider that a cyber insurance policy costs much less than a data breach.
While the most important aspect of cyber insurance is network security coverage, which addresses a network security failure – such as data breach, ransomware attacks, and malware – a robust policy will also cover liability claims and additional expenses of a cybersecurity incident. For example, if a cybercriminal accessed your company’s confidential data and stole customer information, a cyber insurance policy would cover the costs of notifying victims, credit monitoring, civil damages, computer forensics, and reputational damage.
Plus, most cyber insurance policies provide policyholders with resources to help design effective cybersecurity and data encryption protocols.
The Bottom Line on Data Breach Costs
It’s safe to say that the cost and occurrence of data breaches will, unfortunately, only continue to escalate in the coming years. But that doesn’t mean that mitigating data breaches and the associated costs is a lost cause. The good news is that there are several proactive measures you can implement to ensure your business can weather a data breach. Investing in protective measures now will save you and your company immensely down the road.