The global average cost of a data breach was $4.5M, a 2% increase over 2022. But wait. The U.S. leads the way in data breach costs and far surpasses the global average, clocking in at $9.4M. This should worry you if you’re a business owner or strategic leader.
With that said, there are procedures and tools your company can use to prevent a data breach and all the unfortunate events that happen in the aftermath of a breach.
Before we dive into those procedures and tools, let’s start with some basics, like how to define a data breach, talk about some common examples, and explain just how serious they can be for your business.
What is a Data Breach?
What defines a data breach? A data breach is a security incident in which unauthorized parties access your company’s sensitive data or confidential information. This data can include but isn’t limited to customer data, banking information, and even intellectual property. Attack vectors (or initial entry points hackers use) vary, but as we’ll see in a moment, your team is the most successful entry point from a hacker’s perspective.
The most common example of a data breach is human error. Even if you think your employees are trained, tech-savvy, or hip because they’re millennials, the data shows they are not, or at least are not staying up to date on cybersecurity training. IBM’s Cost of Data Breach Report shows that 16% of all breaches were due to phishing scams. You might be asking what hackers are looking for that’s so valuable, and the answer is customer and employee PII, or personally identifiable information.
Data breaches and phishing scams are serious problems that companies are paying more attention to. For the last 13 years, the U.S. has held the title for highest data breach costs. With more employees working remotely and businesses moving away from physical, on-site components to cloud-based solutions, it makes sense that over 50% of U.S. companies are investing heavily in incident response, planning, and testing, along with employee security training solutions.
What are the Top Reasons for Third-Party Breaches?
Even though phishing scams and stolen credentials are the leading pathways for hackers, there’s another seemingly easy-to-fix attack vector that many companies overlook: unpatched security vulnerabilities. Unpatched security vulnerabilities made up 5% of all data breaches.
What do unpatched security vulnerabilities even mean? When you think about the many devices in your office connected to the internet, like printers, phone systems, and computers, they all receive regular ‘patching updates’ just like the software updates you get for your smartphone.
If you don’t run those updates or patching, you run the risk of a cybercriminal accessing your company’s sensitive information. One of the most straightforward solutions to close that 5% security gap is having patch management services provided by a NOC team, saving you thousands, if not millions, of dollars.
Understanding the Costs of a Cyber Security Breach
After defining a data breach and explaining some examples of how it might happen, let’s jump into the actual numbers that make up that $4.5M price tag.
The Cost of Breached Data
Again, from the IBM report, the global cost of a data breach equals $4.5M. In the U.S., a data breach’s average cost exceeds $9M!
What About the Cost of Downtime?
The 2022 Data Protection Trends report by Veeam broke down the average cost of downtime as $88,000 per hour or $1,467 per minute! However, this amount can fluctuate depending on the industry.
Then, There’s Lost Business
If your company experiences a data breach, you will lose the trust of your customers, lose business to competitors, and have to deal with negative word of mouth.
Here are some stats for each category:
- 80% of consumers will defect from a business if their information is compromised
- 33.5% will use social media to complain about their experience
- 52% of consumers will consider paying for the same product or service from a provider with better security
Again, the IBM report shows that the average lost business cost was around $1.3M. Lost business cost is defined in a few ways: business disruptions and revenue lost from system downtime, the cost of lost customers and acquiring new ones, and lost reputation.
Idle Employees and Lost Wages
Some attacks can lock up your systems, which means that until it’s fixed, your employees can’t do any work, yet they still need to be paid.
In 2021, Amazon was fined over $800M for a breach that violated GDPR in Europe, and Meta (Facebook) was fined over $200M for PII stolen when 500M users had their credentials stolen in Ireland.
Your company may not be Amazon or Meta, but you can still be fined for data breaches where customer data is stolen. In the U.S., you would consider regulations like HIPAA. Businesses in the U.S. paid over $200k in regulatory fines.
How to Protect Against a Data Breach
Okay, now we know what a data breach is and what the cost of a data breach is. How do you protect your business? Protection can be broken down into the following categories:
Raise awareness company-wide
Employee security awareness is a must! Not only should your entire team, from top to bottom, be trained on cybersecurity, but it should also be baked into the company culture. It’s too risky not to have cybersecurity baked into company culture.
And another thing, employee security training isn’t a set-it-and-forget-it type of training. Employee training should be ongoing and interactive using a variety of formats like audio, text, and video.
Reduce your threat surface
This brings us back to an earlier piece of the conversation when we talked about patching. Running patch management is one way to reduce your threat surface.
Another way to think about your company’s threat surface is any potential entry point a hacker could use to infiltrate. Think software, hardware, employees, and cloud-based services.
Create and maintain data backups
Speaking of cloud-based services: just because you have cloud-based solutions doesn’t guarantee your data is backed up, and hackers know this. Cloud misconfigurations make up 11% of attack vectors, so make sure you have data backed up securely. Keeping a physical backup or ensuring the cloud configurations are set up correctly is a good idea.
Be prepared for an incident
Your company should have an incident plan, and you should be running fire drills using your plan regularly. If you’re looking for help creating a cybersecurity strategy, check out our post, How to Plan and Develop a Cybersecurity Strategy.
Put the right solutions in place
Before implementing tools or solutions to help prevent data breaches, ensure your business has an incident response plan and that your employees are well-trained. You should also replace any hardware/software that has reached end of life.
Then, consider adding tools like Endpoint Detection and Response (EDR) or SIEM solutions. These sorts of tools will actively hunt down threats and notify the appropriate parties to prevent attacks from happening.
Working with an MSP is another option. An MSP will help your team create a cybersecurity strategy, help educate your employees, and can even do the alerting, monitoring, and patching to keep your IT environment up and running.
Putting it All Together
The cost of a data breach is no joke. For some companies, there’s no coming back from a significant breach. Why risk all your hard work building up your business only to lose it due to a phishing scam?
Business leaders and owners in the U.S. should take cybersecurity seriously and work to create a culture that has cyber awareness baked into it.
Unfortunately, the stats show that it’s not a matter of if it will happen but of when. Investing to protect your hard work now is the right choice!