Data breaches are more common and expensive than ever. The term refers to instances in which personal or sensitive data is exposed due to a security breach, and such incidents have become a nightmare for both companies and users.
In an age in which companies may hold everything from individuals’ medical records to their addresses to their credit card details, the possibility of this data finding its way into the wrong hands hardly bears thinking about. It’s a stark reminder of why proper data protection methods are a “must have” in the 2020s.
A recent study carried out by IBM Security found that the average cost associated with a data breach during the COVID-19 pandemic topped $4.2 million. That is the highest sum in the 17 years that IBM has been running its report, titled “Cost of a Data Breach.” The report analyzed 500 worldwide organizations between the months of May 2020 and March 2021, the height of the pandemic. It attempted to figure out the damage done by data breaches to organizations — and found that this sum increased by close to 10 percent from a previous $3.86 million.
Eye-watering data breach stats
While those are some eye-watering numbers by any measure, they’re far from the biggest figures mentioned in the IBM report. For the eleventh year running, the sector with the highest costs associated with data breaches was healthcare, which averaged $9.23 million per breach, an increase from the $7.13 million in the previous report. Meanwhile, the biggest breaches, those which featured upward of 1 million records being impacted, cost considerably more. At the top end of the scale was a breach involving 65 million records, which cost a staggering $401 million. Close to half of all breaches that were analyzed in the report featured personally identifiable information (PII) about users.
Data breaches are bad news for numerous reasons. Exposed data can be seized upon by malicious actors, who could use it to carry out attacks, such as credential stuffing. It can also result in fines from regulatory bodies who seek to punish companies that fail to properly safeguard user data. On top of this, there are long-term negative impacts of data breaches, such as reputational damage, which can mean brand equity takes a hit.
How to protect against data breaches
Protecting against data breaches — and the resultant costs — is essential. There are multiple steps that companies or organizations can take.
● Invest in the right security tools to improve the time it takes to detect and respond to threats. Like a security camera that alerts the cops if thieves try to climb over your security gates, rather than waiting until a burglary is finished and the police are sifting through the wreckage for evidence, this is a crucial part of any good rapid response system.
● Use zero trust security models as a way to prevent access being granted to sensitive data for unauthorized parties. Zero trust methodology, as its name implies, is built around the idea that no party can be fully trusted. Just because they’ve gained entry to a system does not mean they should necessarily be there — and definitely shouldn’t be able to move around freely.
● Invest in compliance programs so that you’re taking the right steps to protect data. Not only does this help you follow best practices; it also safeguards against possible fines for not complying with the rules.
● Use encryption to protect sensitive data so that, even if it is somehow accessed by bad actors, they will be unable to read it.
● Carry out stress testing as a way to measure preparedness. This will help make it clear how well your preparations and precautions will measure up in the case of a genuine data breach incident.
Protect your neck
Ultimately, every entity that collects or deals with data needs to make protecting it a top priority. Fortunately, even if you don’t have the expertise to do this, help is available. Cyber security experts can assist in securing systems and help with following the above steps. They can also aid in deploying tools such as database firewalls, user rights management systems, data masking and encryption, data loss prevention (DLP), user behavioral analytics, database monitoring, and more. These are essential to the monitoring and protection of data, and should be a top priority for every company out there.
There’s no getting around the centrality of data to today’s world. As the saying goes, “data is the new oil” — referring not just to its financial value (as negatively seen through some of the costs associated with data breaches), but also the way that it powers many of today’s most essential technologies.
Doing their utmost to achieve data visibility and security is the least that companies or other organizations can do for their customers. And, hey, it may wind up saving them a few million dollars or more in the process!