How much will a data breach really cost my company?
IBM has just released its 2021 Cost of a Data Breach Report, which shows a significant increase in the costs related to data breaches as a result of more people working remotely amidst the COVID-19 pandemic. The report also shows the impact of data breaches on company costs even where remote working wasn’t a factor. The average total cost of a data breach increased by nearly 10% to $4.24 million, the highest recorded in the 17 years that the report has been tracking these figures.
It’s interesting to note that “Costs were significantly lower for some organisations with a more mature security posture, and higher for organisations that lagged in areas such as security AI and automation, zero-trust and cloud security.” This insight from the report shows that companies that invested in a security, including cloud security, were better positioned to deal with threats to their systems and data and experienced a lower recovery cost when an actual breach occurred.
Impact of remote working
The report shows that remote working had a marked impact on the risks companies face, particularly in the amount of time it took to pick up breaches. Companies with a majority of employees working remotely took, on average, nearly two months longer to identify and contain security breaches. This indicates that, while it may feel costly in both time and money upfront, establishing good remote working protocols and adequate IT system support for remote working is extremely important.
What are the costs?
The report shows that there are four main areas where companies experience costs from data breaches: detecting and escalating breaches; notifying affected parties; lost business, and the post-breach response. Lost business accounts for the greatest portion of the overall costs of a data breach.
Although the scale of these costs varies according to the size of a business and the amount of data it handles, the cost for a small-to-medium-sized enterprise may be felt for longer as they don’t have the same financial buffers available as large corporations when dealing with the fallout of a breach.
Data breaches are not just a problem in the Global North. In South Africa, the average total cost of a data breach was $2.14 million in 2020, and this rose sharply to $3.21 million in 2021.
What is compromised?
After customer personal information, employees’ personal information was the next most costly type of data compromised in data breaches. This means that even if your company doesn’t handle much customer information, the exposed employee information will still have a cost implication in the event of a breach.
The insights from the report show that data breaches can have a significant financial impact on companies. As with most security measures, it’s best not to find out too late just how much of an effect a breach will have. It is far better to be prepared and to have a cybersecurity incident response plan in place to mitigate any attacks.
Numata has developed a guide to help you create a cybersecurity incident response plan so that if a breach happens at your organisation, you are prepared to deal with it as quickly as possible. You can find the guide on our website here, or you can contact our team if you would like more information or assistance with a tailored cybersecurity prevention solution.