How Much Does a Security Breach Cost?

DataProt is supported by its audience. When you buy through links on our site, we may earn a commission. This, however, does not influence the evaluations in our reviews.

Data breaches have always been expensive, but with the current public health crisis, cybercriminals are exploiting the situation even more. 

According to IBM Security’s “Cost of a Data Breach Report 2022,” the worldwide average expense of a data breach rose by 2.6% from $4.24 million in 2021 to $4.35 million in 2022. This is the highest recorded cost in the report’s history.

The World Economic Forum predicts a 100% increase in cyberattacks by 2025. As a result, businesses feel compelled to take preventative measures and seek superior solutions.

Read on to understand how much a security breach costs and the factors that contribute to security breaches.

Data Breach Global Costs 

According to the Ponemon Institute’s study for IBM Security, the worldwide average overall expense from a data breach grew by USD 0.11 million to reach USD 4.35 million. 

This figure represents a 2.6% growth from the value of USD 4.24 million recorded in the 2021 analysis. Over the last two years, the average total cost has escalated by 12.7%, climbing from USD 3.86 million in the 2020 analysis.

The five countries or regions with the most expensive average data breach cost were: 

  1. The United States — $9.44 million
  2. The Middle East — $7.46 million
  3. Canada — $5.64 million
  4. The United Kingdom — $5.05 million
  5. Germany — $4.85 million

The high costs of data breaches were attributed to two primary factors: a lack of security automation and incident response protocols in organizations. 

Common Causes of Data Breaches

Any unauthorized access or possession of personal information can be categorized as a data breach, including identity theft through cybercrimes or the theft of electronic devices such as laptops and mobiles that contain personal information.

Here are some of the main causes of data breaches:

Human Error

More than half of data breaches are due to human error. Examples include emailing the wrong recipient or disclosing confidential information by mistake. Such actions can jeopardize a company’s reputation and incur significant indemnity charges.

Malicious Cyber Attacks

As digital transformation continues, new cyber attacks will emerge. Ransomware, malware, and virus attacks are significant causes of data breaches.
Phishing accounts for 43% of data breaches worldwide. Users are tricked into clicking malicious links that can compromise the entire system. Companies must train their employees to identify such links to avoid phishing attacks.

Stolen/Weak Credentials

Cybercriminals can easily crack predictable passwords, making it easy for them to steal personal information. Mismanagement of access and mobile device security policies can also cause data breaches.

Physical Theft/Loss of Device

The second most common cause of data breaches is the physical theft or loss of a device, which can be accidental or malicious. Employees may unintentionally share passwords, lose laptops, or leave papers or phones behind, while deliberate theft can cause extensive damage.

Social Engineering

Even tech-savvy people can fall victim to social engineering attacks. Cybercriminals can exploit a person’s gullibility to exchange data for rewards or other offers. This can expose individuals and their businesses to different types of data breaches.

Impact of Security Breaches on Small and Medium-Sized Businesses

Small and medium-sized enterprises (SMEs) are increasingly becoming cybercrime targets, with attacks becoming more frequent, intricate, and focused. 

Accenture’s Cost of Cybercrime study found that almost half (43%) of all cyber attacks were directed at SMEs, yet only 14% were equipped to defend against them.

A cyber attack disrupts normal business operations and can damage critical IT infrastructure and assets. These infrastructures and assets may be easier to recover with adequate funding and resources. 

SMEs are especially vulnerable to these attacks because:

  • 45% of SMEs have insufficient security measures to mitigate cyber attacks
  • 66% of SMEs have experienced a cyber attack within the past year
  • 69% of SMEs believe that cyber attacks are becoming more targeted

Phishing and social engineering attacks are the most common cyber attacks on SMEs. These account for 57% of attacks, followed by compromised or stolen devices (33%) and credential theft (30%). 

Understanding the risks and implications of cybercrime is crucial to minimizing potential damage, maximizing the value of cybersecurity efforts, and even preventing future attacks.

Industries With the Costliest Data Breach

It is vital for businesses operating within the healthcare, pharmaceutical, energy, or financial sectors to exercise heightened caution, as these industries are typically more susceptible to incurring high costs due to data breaches. 

As highlighted in the Ponemon Institute report for IBM, the healthcare industry saw a notable increase of 10.5% in the overall cost of data breaches.

Similarly, the retail industry experienced a 9.2% increase compared to 2019, whereas the energy sector suffered a considerable 14.1% rise. 

These substantial financial losses are often accompanied by damage to a company’s reputation, which can be just as costly.

Five Costliest Data Breaches in History

Data breaches have become a major concern, with companies and organizations facing significant financial losses and reputational damage. While some data breaches are minor, others have caused considerable damage, costing millions. 

The following are some of the most significant data breaches of all time: 

1. ExPetr / NotPetya (2017)

    Cost: $10 Billion

This sophisticated malware used multiple exploits to spread beyond the initially targeted area of Ukraine to the entire world.

To deliver the ransomware, the attackers used the MeDoc update server. Infected computers were locked, and users could not access any files until they paid a ransom of $300 in Bitcoin.

2. Epsilon (2011)

    Cost: $4 Billion

Hackers stole thousands of names and email addresses from email marketing giant Epsilon, affecting clients like Best Buy, JPMorgan Chase, and Target. 

Each client faced nearly $5 million in customer notification, settlement, and compliance costs. As a result, Epsilon incurred billions in liabilities and lost business.

3. Mafiaboy Attack (2000)

    Cost: $1 Billion

In 2000, Michael Calce, also known as Mafiaboy, launched a DDoS attack on high-profile websites such as Amazon, CNN, eBay, Yahoo!, and Dell. He brought down the larger sites by using a group of university networks to overload them with too much information. This caused around $1 billion in losses due to revenue, cybersecurity improvements, and investigations.

4. Veterans Administration (2006)

    Cost: $500 Million

The VA made several cybersecurity mistakes, such as not encrypting its data, which led to the physical theft of records on 26.5 million veterans, military personnel, and their families.

5. Sony PlayStation (2011)

    Cost: $171 Million

Cybercriminals hacked Sony’s digital network and accessed data from over 100 million online accounts. The attack caused the PlayStation Online service to shut down temporarily, and Sony Corp. lost billions in revenue and value due to the damage to its public image.

Investing in cybersecurity measures, regular vulnerability testing, and staff training can help to reduce the risk of data breaches. Additionally, having a plan to respond to a breach can minimize the damage and help restore trust in the organization.

Wrapping Up

The cost of data breaches continues to rise globally, with the COVID-19 pandemic exacerbating the situation. Organizations’ lack of security automation and incident response protocols remains the primary reason for high breach costs.

Sectors such as healthcare, pharmaceuticals, energy, and finance are more exposed to significant costs when their data is breached. Whether the breach was intentional or unintentional, and the type of data involved, also significantly determine the cost.

Businesses must be vigilant and prioritize cybersecurity measures to prevent breaches, which can lead to substantial financial losses and damage to their reputation.