According to the latest data breach report by IBM and the Ponemon Institute, the cost of a data breach in 2021 is US$ 4.24 million; this is a 10% rise from the average cost in 2019, which was $3.86 million.
The global average cost of cybercrime is expected to peak in the US at $6 trillion annually by the end of 2022, driven by the proliferation of ransomware attacks. The report by Ponemon Institute and IBM Security considers hundreds of cost factors from legal, regulatory, and technical activities, loss of brand equity, customer turnover, and drain on employee productivity.
Its findings are based on 537 breaches across 17 countries and 17 industries, with data gathered from almost 3,500 interviews. According to the report:
Another contributing factor is the growing number of remote workers. These two factors account for over one-third of all breaches annually and are some of the most challenging issues to address due to their complex nature. Thus, organizations need IT services now more than ever.
The GDPR defines personal data as anything that directly identifies an individual, such as a person's name, surname, phone number, social security number, driver's license number, or other personally identifiable information (PII).
The GDPR is a set of rules for businesses conducting business in the EU, and it's only going to get more relevant as the US starts to adopt similar privacy measures.
One of the most important things to note about the GDPR is that it encourages the use of pseudonymous information over directly identifying information as it reduces the risk of data breaches having adverse effects on individuals.
You see, if information that can be used to identify an individual (like their name or email address) is stolen during a data breach, they could be at risk for identity theft and other forms of cybercrime. That's why you should always use pseudonyms when collecting data from your users—it protects them by ensuring that their sensitive information can't be used against them.
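As an added illustration of the pseudonymisation the article recommends (this is not code from the article or from SSI), the following Python replaces direct identifiers with a keyed pseudonym; the sample records, field names and key handling are assumptions:

```python
"""Pseudonymisation of collected user records (added example, not the article's
own code). Direct identifiers are replaced by a keyed HMAC pseudonym; the key
is the 'additional information' stored separately from the records."""
import hashlib
import hmac
import secrets

# Constructed sample records, as an application might collect them.
RAW_RECORDS = [
    {"email": "alice@example.com", "name": "Alice Doe", "plan": "pro", "logins": 42},
    {"email": "bob@example.com", "name": "Bob Roe", "plan": "free", "logins": 3},
]
DIRECT_IDENTIFIERS = ("email", "name")


def make_pseudonym(key: bytes, identifier: str) -> str:
    """Keyed, deterministic token: the same identifier maps to the same token under
    one key, but without the key the token cannot be reversed or linked back."""
    normalised = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def pseudonymise(records, key: bytes):
    """Strip direct identifiers and add a pseudonym; also return the lookup table
    (token -> email) that must be kept apart from the pseudonymised records."""
    out_records, lookup = [], {}
    for rec in records:
        token = make_pseudonym(key, rec["email"])
        stripped = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        stripped["subject_id"] = token
        out_records.append(stripped)
        lookup[token] = rec["email"]
    return out_records, lookup


def reidentify(lookup: dict, token: str):
    """Only the holder of the separately stored table can re-identify a subject."""
    return lookup.get(token)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # keep in a secret store, never beside the records
    data, table = pseudonymise(RAW_RECORDS, key)
    print(data)
```

A leaked copy of the pseudonymised records alone reveals plan and usage data but no name or email; re-identification needs both the lookup table and, for fresh linkage, the key.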
The study from IBM found that adopting remote work models significantly increases the cost of data breaches—by $1.07 million on average! Remote work also makes containing a data breach significantly more difficult: On average, surveyed businesses with up to 50% of staff working remotely took at least 58 days to identify and contain data breaches. So if you plan on implementing a remote workforce, make sure your cyber security practices are in good shape first!
For one thing, customer PII was the most common and most expensive type of record lost or stolen in a data breach. It represented 44% of all breaches and had an average cost per customer PII record of $180. That's a lot of money!
Another fascinating thing we discovered is that the most common initial attack vectors were compromised credentials, which facilitated 20% of all breaches. This means that people trying to steal your information are often starting with your business emails. If they can get access to those, they have a whole world of possibilities open to them!
The financial impact of this type of breach is enormous: It results in an average total cost of 5.01 million dollars per breach.
Breaches involving between 50 million and 65 million records had an average cost of $401 million in 2021, compared to $392 million in 2020.
Breaches are expensive: According to the 2019 Cost of a Data Breach Report by IBM Security & Ponemon Institute, the average cost per customer PII record compromised in a breach was $180, and customer PII was included in 44% of breaches. This means that if any customer information is stolen during a breach in your company, it's going to be costly.
Breach lifecycles are long: In 2019, it took an average of 206 days to identify a breach and 73 days to contain it, amounting to a 279-day breach lifecycle. In 2021, the average time to identify a breach was 212 days, and the average time to manage it was 75 days, totaling a 287-day breach lifecycle. The key thing to understand is that the faster a data breach is identified and contained, the lower the damage costs.
If you think about it, there are two types of data breaches.
The first type is the breaches that happen instantly. A hacker comes in and steals your information and sells it on the dark web before you even know what's happened.
The second type is a bit sneakier. It's a breach that happens over a long period—even years—without you noticing it until it's too late.
These are the ones that are hardest to prepare for but also the most common. According to a recent study from Verizon, they were responsible for over 80% of all data breaches in 2018.
One reason why these slow-moving data breaches are so dangerous is that they're harder to detect until they've already caused massive damage. Another is their cost: Breaches with lifecycles of less than 200 days were on average $1.26 million less costly than breaches with lifecycles greater than 200 days ($3.61 million vs. $4.87 million).
The key is confidentiality countermeasures—that means everything from awareness training to sophisticated cybersecurity software can help prevent unauthorized access to sensitive information while ensuring the right people can still access it!
Confidentiality, Integrity, and Availability
Three of the most critical aspects of information security.
These three concepts are known as the CIA trinity or triad.
They are foundational for information security professionals to understand.
Confidentiality: Preserving authorized restrictions on information access and disclosure, including protecting personal privacy and proprietary information. This includes preventing sensitive data from being accessed by unauthorized users or being disclosed accidentally or deliberately to individuals who are not authorized to see it.
Exposed data can include national security information, business secrets, individuals' data, or intellectual property; organizations must secure this data to comply with various laws, regulations, and ethical norms.
Examples of countermeasures that protect confidentiality, data integrity, and availability:
File permissions: A data file can be set so that only certain users or groups can access it.
User access controls: A user can be restricted from accessing specific files or features based on their role in the organization.
Audit logs: When a user acts on the system, a log of who did what and when is created.
Version control: Each time a file is changed, the changes are logged along with the date/time and who made them.
Cryptographic checksums: A cryptographic function is applied to all data on storage devices and checked periodically against a known value. If any changes are detected, it means the data has been altered.
Backups: A copy of all critical data is saved in a secure location in case the primary copy is lost or damaged.
Redundancies: Multiple copies of important information are kept on different devices, at least one of which is backed up offsite in case something happens to the primary storage facility.
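As an added example of the cryptographic-checksum countermeasure listed above (this is not code from the article or from SSI), the Python below records a SHA-256 baseline for a directory and later reports which files were altered, removed or added; the file names and contents are constructed sample data:

```python
"""Periodic integrity check with cryptographic checksums (added example, not the
article's own code): record a baseline of SHA-256 digests once, re-hash every
file later and compare; any mismatch means the data was altered."""
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of one file, streamed in chunks so large files stay off the heap."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root) -> dict:
    """Map every file under root (relative path) to its digest. Keep this manifest
    where the checked system cannot write to it (read-only or offline storage)."""
    root = Path(root)
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root, baseline: dict) -> dict:
    """Re-hash everything and report files altered, removed or newly appeared."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }

def is_clean(report: dict) -> bool:
    return not any(report.values())

def demo() -> dict:
    """Constructed sample: baseline two files, then alter one, delete one, add one."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "config.ini").write_text("debug=false\n")
        Path(d, "notes.txt").write_text("keep\n")
        manifest = build_baseline(d)
        if not is_clean(verify(d, manifest)):
            raise RuntimeError("fresh baseline must verify clean")
        Path(d, "config.ini").write_text("debug=true\n")  # altered in place
        Path(d, "notes.txt").unlink()                      # removed
        Path(d, "extra.txt").write_text("unexpected\n")    # not in the baseline
        return verify(d, manifest)

if __name__ == "__main__":
    print(demo())  # {'modified': ['config.ini'], 'missing': ['notes.txt'], 'added': ['extra.txt']}
```

In practice the baseline is taken when the system is known good and the check is scheduled to run regularly; the manifest itself should be signed or stored out of reach of anyone who could alter the files.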
A conversation about data privacy has been brewing for a while. But since Europe's new data protection regulation, GDPR, goes into effect in May of this year, there has been a renewed push to enact similar laws in the US. Although no single federal law currently exists in the US, multiple attorneys general and members of Congress have proposed legislation that would provide stricter reporting guidelines around data breaches.
These laws require organizations to give clear notice to individuals about what data is being collected, the reason for collecting, and the planned uses of the data. In consent-based legal frameworks, like GDPR, explicit consent from the individual is required.
GDPR extends the scope of EU data protection laws to all foreign companies that process the data of EU residents, requiring that all companies:
One of the most vital aspects of managing a business is ensuring you have effective IT services. In this technological age, where everything is connected to some data management mechanism, managing your data can significantly affect your business, either positively or negatively.
Hiring an IT service provider ensures that you have a reliable technical support system, and your employees and customers have access to the software they need when they need it. This allows them to be more productive and efficient in their work, which ultimately positively impacts your bottom line.
In addition to ensuring that your data is adequately managed, well-maintained technology also helps you build trust with your clients. If a customer has a poor experience with your company because of outdated technology, this can cause them to stop doing business with you in the future.
It’s also important to note that good technology can help make sure you stay up-to-date on the latest trends in your industry. If a new product that could help improve your business processes is released, but you don’t have the proper hardware or software to support it, then it won’t be as valuable as it could be.
It's easy for companies to communicate with their customers, market their products and services, and streamline production processes. And because data is the new currency of the digital age, more and more businesses are investing in IT services. It's essential to manage this data well; it can positively or negatively affect your business.
If you're working on a tight budget, you might be tempted to cut corners when it comes to your IT support. But that can be a big mistake!
Fortunately, SSI offers managed IT services in Philadelphia. Instead of cutting corners, consider outsourcing your IT support—it can save you money in the long run and free up your internal resources for other projects.