2021 Data Breach Statistics to Know
In 2021, the cost of a data breach increased by the largest margin in seven years. It’s reached an unbelievable average of $4.24 million dollars, or an average 38% of total revenue loss per organization. Why such an exorbitant cost? Primarily, it’s a result of lost business due to downtime, poor reputation, and the need for acquiring new clients. Other factors, however, contribute to the cost: legal expenses, regulatory fines, crisis management and communications, forensic investigations, etc.
Essentially, it costs a lot, and the risk only continues to grow. With breaches, the business loss will always be far greater than any charges for initial prevention and protection. Some organizations may avoid implementing proper security measures for a variety of reasons, but the risk isn’t worth it. The following percentages may surprise you: they refer to the causes of confirmed breaches (‘security incidents’).
What causes a security incident?
- 52% are caused by malicious attacks (stolen or compromised credentials, cloud misconfiguration vulnerability, third-party software vulnerabilities, phishing, physical security compromise)
- 25% are caused by system glitches (transient system errors)
- 23% are caused by human error (downloading a malware-infected file, weak passwords)
When information is potentially exposed (‘security event’), human error skyrockets to 95%. Protecting against risk factors like these is necessary and directly correlated to the chance and cost of a breach.
What affects the cost of a breach?
- The largest cost mitigator was the use of security AI and automation, which decreased the cost of a breach by 80%.
- The use of security analytics reduced breach cost by 33%.
- Organizations using high standard encryption (at least AES 256 encryption at rest and in motion) had an average total breach cost 29% less than those using low standard or no encryption.
Other things can affect the cost, like business size and remote work, but it comes down to technology and security. Organizations with smart, fully deployed security can detect and contain a breach more quickly than those that do not, thus lowering the overall damage. On all counts, the less mature an organization’s security posture, the more likely a breach is to occur, the longer it takes to contain, and the more money it will cost.
Takeaway: Risk Mitigators
- Audit your security and determine where the gaps are and how to fill them
- Implement AI security and automation to help improve detection and response times
- Carry out regular penetration testing and incident response testing to increase resilience
- Use tools that help protect and monitor endpoints and remote employees
- Invest in compliance programs for risk management purposes
All these data points reinforce the fact that well-developed security is an absolute business necessity for the sake of business continuity, reputation, data privacy, and so much more. This is why Oasis utilizes layered defense—a wide variety of tools, methods, and verified frameworks—to continuously monitor and manage the protection of our (and our clients’) data, endpoints, and environments. For more information on how to decrease your risk or to talk with a security professional, contact us.
Sources