09 Nov WHAT IS THE COST OF A DATA BREACH?
In 2021, the Cost of a Data Breach Report (“Report”), conducted by the Ponemon Institute and published by IBM Security, addressed breaches that occurred between May 2020 and March 2021.
The Report has become a benchmark for the cybersecurity industry, offering IT, risk management, and security leaders insight into the dozens of factors that can increase or help minimize the rising cost of data breaches.
The main results of the research include:
(i) The average total cost of a data breach increased by almost 10% year over year, the largest single-year cost increase in the last 7 years.
(ii) Remote working and digital transformation due to the COVID‑19 pandemic have increased the average total cost of a data breach.
(iii) Healthcare organizations experienced the highest average cost of a data breach, for the 11th consecutive year.
(iv) Costs in the energy segment decreased from $6.39 million in 2020 to an average of $4.65 million in 2021.
(v) Costs have risen in the public sector, which saw a 78.7% increase, reaching a total of $1.93 million.
(vi) Lost business, which covers business disruption and lost revenue from system downtime, lost customers and failure to acquire new customers, and loss of reputation and diminished commercial reputation, accounted for 38% of breach costs, the highest percentage, with an average total cost of $1.59 million.
(vii) Personally identifiable customer information was the most expensive type of compromised record, $180 per lost or stolen record.
(viii) Compromised credentials, responsible for 20% of breaches, were the most common initial attack vector.
(ix) The average number of days to identify and contain a data breach was 287.
(x) The average cost of a mega breach was $401 million for breaches between 50 million and 65 million records, an increase of $392 million in 2020.
(xi) The cost difference where AI and safety automation were fully implemented vs. not implemented was 80%.
(xii) Hybrid cloud had the lowest average total cost of a data breach compared to public, private and on-premises cloud models; data breaches in hybrid cloud environments cost an average of $3.61 million.
(xiii) The difference in cost for high level vs. low level compliance breaches was $2.3 million.
(xiv) Ransomware and destructive attacks were more expensive than other types of breaches, at $4.62 million.
The Report is global and combines results from 537 organizations in 17 countries and regions and 17 sectors to provide global averages.
Finally, across the four cost centers (detection and escalation, notification, lost business, and post-breach response), the main result of the survey was that the average total global cost of a data breach is $4.24 million, with lost business being the largest contributor to this figure.
This article is intended exclusively to provide information and does not contain any opinion, recommendation or legal advice from Kestener & Vieira Advogados concerning the matters herein addressed. Copyrights are reserved to Kestener & Vieira Advogados.