Data Breaches Can Cost Far More than Money

Originally published by PKWARE here.

Every year, cyber-attack statistics grow larger and more threatening. In 2021 alone, the average number of cyberattacks and data breaches increased by 15.1 percent over 2020.

This sharp increase should prompt organizations to consider when—not if—they will be attacked and prepare accordingly. But in order to do so, businesses need something that has been lacking in most cybersecurity conversations up to this point: a deeper understanding of both the risks and the true costs of a data breach.

Show Me the Money

As data breaches are reported publicly, details tend to include the number of individuals who were impacted, the dollar amount of a ransom demand, or how much the cyber attacker is selling the information for on the dark web. Yet costs and the associated business fallout goes beyond just this first layer of the initial impact.

According to IBM’s most recent Cost of a Data Breach Report, the global average total cost of a data breach has recently increased 10 percent to $4.24 million. When ransomware is involved, the cost increases to $4.62 million, which includes escalation, notification, lost business, and response cost. Looking at data breach statistics from the United States alone, the cost of a data breach more than doubles to $9.05 million. And while remote work has become the norm over the past two years, it also increases the cost of a data breach by $1.07 million.

We often define data breaches in dollar amounts, but it’s not simply a cost problem. Nor are breaches just about the data. Rather, it’s about an organization’s ability to continue producing and selling their products and/or services.

Security is, therefore, a business problem.

Counting the Broader Cost

The initial impact of a data breach is often first felt in the day-to-day processes of doing business via an inability to access the critical information necessary to do business. The immediate business “cost” thereafter may depend on what “doing business” means to the organization.

When hackers gained entry to the Colonial Pipeline Co. networks in late April 2021, the organization was forced to shut down the largest fuel pipeline in the US a week later in order to contain the attack. The total “cost”? During the six-day pipeline shutdown, panicked East Coast residents flocked to gas stations to hoard fuel, driving up the cost of gasoline and ultimately resulting in many local gas shortages. Seventeen states and Washington, D.C. ended up declaring a state of emergency.

Despite Health Insurance Portability and Accountability Act (HIPAA) healthcare data compliance measures having been in place since 1996, hacking and healthcare data breaches are recently on the rise, and experts predict that trend will continue. Beyond the inability to access data or the ruinous consequences of having patients’ private data available publicly, healthcare data breaches have real life and death costs as well: In 2019, a study found that for every 10,000 heart attacks at a hospital that was experiencing a cyber breach, there were approximately 36 additional deaths over and above the typical heart attack fatality rate.

Avoiding the Non-Monetary Costs of a Breach

The cost of a data breach is far more than monetary, going so far as to impact surrounding communities and even becoming a matter of life and death. Building a corporate risk management strategy and vulnerability framework to identify data that needs to be protected is a great first step. You can’t protect what you don’t know you have, and if you don’t know what you have, it’s that much easier for threat actors to steal it and destroy your business—and more.

Data security is a business problem that must be approached and solved that way, too, in order for businesses to withstand the non-monetary costs of a sensitive data breach.

Want to read more? Download our complimentary ebook, How Much Can You Lose in A Cyber Attack? The Ripple Effect of A Data Breach.