The True Cost of a Data Breach in 2022
Escalating Cyberattacks Impact More Than A Company’s Bottom-Line
Data breaches cost organizations millions of dollars: The average price tag is up 10% from 2020 to $4.24 million across all industries and up 29.5% to $9.23 million in healthcare — and the fallout is even more damaging than the initial losses. The remediation costs triple the initial damages, and legal repercussions can add millions to the total bill.
Why do data breaches happen?
Despite advances in cybersecurity, it's far too easy to steal data: Human error accounts for 85% of data breaches (often the result of a mere phishing email). Malware, application vulnerabilities, and stolen credentials or devices make up the difference.
Data breaches aim to steal confidential information — mostly for financial gain and sometimes just for the thrill of exposing organizations. Once an intruder has access to sensitive data, they may hold data for ransom or sell passwords and customers' PII on the Dark Web.
What is the cost of a data breach?
According to the IBM Security Cost of a Data Breach Report 2021, the average cost of a data breach in 2022 is $4.24 million. But where do these totals even come from? And what other damage is done?
The IBM report breaks down the totals into four distinct categories:
1. Lost Business Costs
$1.59 million is the average cost of lost business — including increased customer turnover, lost revenue from downtime, damaged reputation, and lost opportunities.
2. Detection and Escalation
$1.24 million is attributed to the work that goes into detecting a breach and dealing with the immediate fallout. Specifically, this price tag includes the cost of investigation, auditing, crisis management, and internal communications.
$270,000 is the average cost of reporting the breach to customers, regulators, and outside experts.
4. Post-Breach Response
The post-breach response drains an additional $1.14 million from the bank. Organizations face increased customer service demands, regulatory fines, and legal expenditures in the weeks, months, and even years following an attack.
Other costs: The true cost of a data breach.
While the average cost of a data breach is unsettling enough, there are additional costs to consider. Variables such as time to discovery, the number of records exposed, whether or not ransomware is a part of the attack, major legal fallouts, and ongoing losses attributed to a tarnished reputation can shutter a business overnight.
Time to Discovery: It takes 287 days for most victims to identify and contain a data breach. The longer an intruder has access to data, the more records they can steal.
The Number of Records Exposed: The average stolen customer record costs organizations $161. A mega breach of more than 50 million records costs 100x more than the average data breach — rapidly approaching half a billion dollars.
Ransomware Costs: A ransomware breach adds 10% to the total bill increasing the average cost of a data breach to $4.62 million.
Legal Repercussions: The average bill for a data breach goes up to $5.65 million at organizations with a high level of compliance failures, compared to $3.35 million where compliance failures were low. Lawsuits over data breaches are increasingly common, so tightening up security and following protocol is not just smart — it's necessary.
Reputation: Can you put a price tag on reputation? A company's brand and reputation drive business as much as its products and innovations. 83% of US consumers claim they keep their distance from a company that has suffered a data breach — and an additional 21% say they abandon it altogether.
How can I prevent a data breach?
As we're seeing ransoms skyrocketing, remediation draining revenue, and public opinion becoming increasingly unforgiving, the business landscape will soon become uninhabitable for the unprepared. Educating your staff and overseeing compliance with cybersecurity protocols is critical to your business's survival. Start with the following:
Limit access to valuable and vulnerable data: The fewer people with credentials, the less chance those credentials will be compromised.
Keep software up to date: Take inventory of each system and the updates they require. Create a routine to stay consistent.
Destroy before disposal: Before confidential materials are thrown away, be sure they're thoroughly destroyed. Shred papers and permanently delete data from devices like laptops, phones, and old hard drives.
Educate employees on cybersecurity best practices: Use unique passwords, do not share credentials with anyone, report suspicious emails, and do not use company devices for personal use. All it takes for a malicious actor to access company software is one innocent-looking link in an email.
Create an incident response plan: The more you drill, the faster your response.
Having a playbook in place in the event of a breach can help you act quickly, minimize damage, avoid unnecessary fines, and save millions of dollars. Take care of your security systems so that they take care of you — and your revenue.
Read More: What You Need to Do After a Data Breach