Business cybersecurity has been a rocky proposition in the last 12 months. Businesses are faced with challenges at every turn as they bat back threats like ransomware, phishing, and business email compromise. But a larger problem is dominating the board right now, and every business needs to be on top of it – a data feeding frenzy has driven the demand for data higher than ever, leading to a historic rise in data breaches and the expenses that they bring to businesses that are unfortunate enough to end up in the spotlight.

 

 

First, the good news: the numbers for publicly-reported data breaches in the US are down, decreasing 9% in Q3 2021 with a total of 446 breaches compared to 491 breaches in Q2 2021 according to the non-profit Identity Theft Resource Center. However, their experts caution that some organizations and state agencies are not including specifics about data compromises in public record reports or even reporting data breaches on a timely basis. One state has not posted a data breach notice since September 2020.

 

2021 Data Breach Facts to Remember 

  • An estimated 85% of data breaches in 2020 involved a human element.
  • Phishing is the top threat action that results in a breach.
  • The number of breaches that involve ransomware has doubled.
  • More than 60% of breaches involve credentials.
  • Over 80% of breaches are discovered by external parties.

 

Source: Verizon/Ponemon Institute Data Breach Investigations Report 2021

 

But Much More Bad News

But that’s pretty much all of the good news when it comes to data breaches this year. The rest of the data breach landscape is a wasteland of risk and expense. The ITRC also reports that the number of data breaches that they’ve been able to track through September 30, 2021, has not decreased. In fact, the number of data breaches that they’ve recorded in 2021 has already exceeded the total number of events in Full-Year (FY) 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020. This trend is expected to continue and it points to the high probability of 221 being a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017).

The expense of a data breach has also increased at every turn. A data breach has never been affordable, but the cost of a single data breach has become a lot more expensive than it has ever been before, creating an even bigger hazard for companies that are in high-risk industries. A data breach can be a death blow for companies that have experienced an adverse economic impact from the chaotic events of 2020 and don’t have cash put aside to deal with a problem or any resources in reserve. In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study.

 

5 Fast Facts to Remember from the IBM Cost of a Data Breach Report 

  1. The cost of a data breach can change significantly depending upon the initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%), and cloud misconfigurations (15%).
  2. The cost of a breach can be impacted by the type of data stolen or leaked, like customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.
  3. The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.
  4. Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch, and healthcare at $9.23 million is the industry with the most expensive data breach costs.
  5. Organizations that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days.

 

Cloud Data Breaches Are Climbing

Cloud data breaches are also becoming an increasingly bigger problem for businesses, especially those that store large amounts of data in-house or at major data processors. An estimated 36% of organizations worldwide have suffered a serious data security incident like cloud data breach in the past 12 months. Evidence shows that these companies suffered a data breach or leak in their cloud environment because of fundamental security issues, including myriad misconfiguration and personnel issues that ultimately led to disaster.

There’s a good reason cloud data breach risk is rising, and that’s borne out by hard data. The IRTC report points to a dramatic rise in personal information theft, and they’re chalking it up to a series of major incidents with unsecured cloud databases, not data breaches. In fact, researchers discovered that a strong majority of IT managers and executives don’t feel confident about their company’s cloud data security. An estimated 8 out of 10 IT controllers feel like their organization is vulnerable to a major cloud data security incident, and 20% expect to suffer a customer data security breach in 2022.

 

The Primary Causes of Cloud Data Breaches

“The State of Cloud Security 2021,” asked IT professionals about the circumstances that influence a company’s chance of a possible cloud data breach and these were the factors that they pointed to:

  • 32% say too many APIs and interfaces to govern
  • 31% cite lack of adequate controls and database oversight
  • 27% point to lack of policy awareness around data security
  • 23% blamed old-fashioned negligence
  • 21% said they are not checking Infrastructure as Code (IaC) prior to deployment
  • 20% admitted outright that their IT team oversight is at fault

 

Prevent a Data Breach with Powerful Security from ET&T

Protecting a business from increasing data breach risk can be a challenge, especially when you’re trying to do it on a budget. We can provide the tools that businesses need to stay safe from cybercrime and data loss.  Our solutions address operational issues as well as constantly rising cybercrime risk, enabling companies to get twice as much value out of security expenditures. That value doesn’t just stop at the point of purchase – we’re constantly innovating to keep you a step ahead of cybercriminals.