The game is changing. Data is still being breached but with AI and digitization running at full gallop, organizations may be facing breaches at a scope previously unimagined. IBM recently released their 2024 Cost of a Data Breach Report, highlighting some of these changes. This year’s findings may have the gravity to impact the way people think about protecting their data.
General Trends This Year
When it comes to cybersecurity, this year was a bit of a landmark year — for all the wrong reasons. The research recorded the highest jump in the average cost of a data breach since the pandemic: an increase of 10%, putting the price tag at $4.88 million for a single incident.
Why so high? It’s not necessarily from what happens during the breach (the ransom payment, for example), but everything that happens around and after it. Business disruption and post-breach responses are the top two drivers of the price hike this year, accounting for a full 75% of the increase — think the loss of business due to downtime, the cost of losing customers that no longer trust your brand, paying for identity theft protection for those involved, and all the incurred regulatory fines. All in all, the cost from these two factors alone rose 11% in one year. The takeaway? It would be worth companies’ time to review and evolve their security strategy, namely post-breach response preparedness.
Healthcare Still in Hot Water
Just like last year, the healthcare sector paid the most per breach, averaging about $9.77 million per successful exploit. Next in line was Finance ($6.08 million), followed by Industrial ($5.56 million). Notwithstanding the fact that the $9.77 million paid per breach by the healthcare industry was a full 10% below last year’s figure, the sector still retained its top spot for most expensive breaches — a title it has sadly held since 2011.
The industry is especially vulnerable to breaches for two reasons: existing technologies and a low tolerance for disruption, due to the fact that patient lives are on the line. Fixing a breach at a hospital when surgeries have been delayed is a lot different from a retailer issuing an apology letter and six months of free identity theft monitoring.
We’re Getting Quicker at Catching Things
Now for the good news (finally). They say practice makes perfect, and it seems that these constant data breaches have finally done us a sliver of good. We’re now catching and containing breaches faster than at any point in the last seven years; it now takes us only 258 days, as opposed to 277. Is it still 258 days too many? Sure, but at least we’re headed in the right direction. AI-driven detection and response tools could be largely to thank. That, and tools that provide visibility across complex environments and in the cloud.
You’re Right: It’s Personal
The most common form of data stolen wasn’t state secrets, intellectual property, or business plans. It was the simple kind of information we keep close to the chest. Personally identifiable information (PII) is invaluable to attackers because it translates well to a lot of other logins. Knowing someone’s birthday helps you pass other authorization guard posts (security questions, for example) and, when combined with the right other PII (like tax ID number, email address, and home address), it can allow you to open credit cards, bank accounts, and more. Since one person can complete a myriad of different transactions, having free rein over that one person’s data brings near limitless possibilities to attackers.
How Much Per Data Breach? Depends on What Kind of PII We’re Talking
Yes, certain kinds of data result in higher or lower-costing breaches on the back end. For example, the per-record cost of Employee PII is $189 USD, with the cost of Customer PII, Intellectual Property, Other Corporate Data, and Anonymized Customer Data (good for marketing or correlating with other data sets) getting progressively lower from there. It’s not difficult to see why Employee PII records would have such a premium. Logging in as the right employee is just a hop, skip, and a jump away from escalating privileges and doing some real damage.
SFT Solutions Can Add File Protection
Layering solutions like secure file transfer (SFT) with digital rights management and secure content engines can help protect against data breaches and other cybersecurity risks. Ensuring files are transferred securely is one proactive step organizations of any size can take to protect their data while it’s in motion and at rest.
A secure managed file transfer (MFT) solution, such as Fortra’s GoAnywhere MFT, can help address the inherent risks that come with exchanging sensitive data. GoAnywhere can help protect files as a standalone solution and is also a key part of a comprehensive threat protection bundle. This combination of security solutions adds threat protection, antivirus and malware protection, deep content inspection, adaptive data loss prevention and a Secure ICAP Gateway to secure file transfers. This layered solution helps organizations safely collaborate and exchange data without exposing their systems to malware entering the organization and hidden threats within files.
Conclusion
The breached we have always with us. However, it is up to us to avoid being one of them, especially considering the cost to us and the benefit to attackers. Part of the problem is that AI and other advanced technologies are being rapidly and widely adopted into sensitively connected environments, but those at the helm of creating those projects may not fully understand the security implications of their work. The report concludes by issuing a well-founded warning to organizations everywhere: “Level up your cyber response training.” We should also test incident response plans and update them. This will help prevent breaches and reduce the impact of successful ones. Learn more about Fortra’s cybersecurity solutions for your industry.
GoAnywhere MFT Can Be a Key Part of Your Data Breach Defense
Learn how a secure, automated file transfer solution can help safeguard your most sensitive files in motion and at rest and work alongside your other defense strategies to help protect against costly data breaches.