In 2021, the cost of a data breach increased by the largest margin in seven years. It has reached an unbelievable average of $4.24 million, or an average 38% of total revenue loss per organization. Why such an exorbitant cost? Primarily, it's a result of lost business due to downtime, poor reputation, and the need to acquire new clients. Other factors, however, contribute to the cost: legal expenses, regulatory fines, crisis management and communications, forensic
Essentially, it costs a lot, and the risk only continues to grow. With breaches, the business loss will always be far greater than any charges for initial prevention and protection. Some organizations may avoid implementing proper security measures for a variety of reasons, but the risk isn’t worth it. The following percentages may surprise you: they refer to the causes of confirmed breaches (‘security incidents’).
What causes a security incident?
- 52% are caused by malicious attacks (stolen or compromised credentials, cloud misconfiguration vulnerability, third-party software vulnerabilities, phishing, physical security compromise)
- 25% are caused by system glitches (transient
- 23% are caused by human error (downloading a malware-infected file, weak passwords)
When information is potentially exposed (‘security event’), human error skyrockets to 95%. Protecting against risk factors like these is necessary and directly correlated with the chance and cost of a breach.
What affects the cost of a breach?
- The largest cost mitigator was the use of security AI and automation, which decreased the cost of a breach by 80%.
- The use of security analytics reduced breach cost by 33%.
- Organizations using high-standard encryption (at least AES 256 encryption at rest and in motion) had an average total breach cost 29% less than those using low-standard or no
Other things can affect the cost, like business size and remote work, but it comes down to technology and security. Organizations with smart, fully deployed security can detect and contain a breach more quickly than those that do not, thus lowering the overall damage. On all counts, the less mature an organization’s security posture, the more likely a breach is to occur, the longer it takes to contain, and the more money it will cost.
Takeaway: Risk Mitigators
- Audit your security and determine where the gaps are and how to fill them
- Implement AI security and automation to help improve detection and response times
- Carry out regular penetration testing and incident response testing to increase resilience
- Use tools that help protect and monitor endpoints and remote employees
- Invest in compliance programs for risk
All these data points reinforce the fact that well-developed security is an absolute business necessity for the sake of business continuity, reputation, data privacy, and so much more. This is why Oasis utilizes layered defense—a wide variety of tools, methods, and verified frameworks—to continuously monitor and manage the protection of our (and our clients’) data, endpoints, and environments. For more information on how to decrease your risk or to talk with a security professional, contact us.
Institute & IBM Security 2021 Cost of a Data Breach Report
- Cybersecurity Stats to Know in 2021: 7-Point Guide