Cybercrime is on the rise. By 2025, the cost of cybercrime around the world is estimated to escalate to $10.5 trillion, based on a year-over-year increase of 15%. This number represents the potential for the largest transfer of economic wealth in history and exceeds even the total global profits from the illegal drug trade.
As the frequency of data breaches grows, so does the cost. Worldwide, the average cost of a cybersecurity breach is now $4.35 million, with the U.S. seeing the highest costs with an average of $9.44 million per breach. While these statistics are worrisome, there are ways that businesses can substantially reduce the risk of falling victim to a data breach by having the right tools to assess their security posture and by developing a successful incident response plan.
What is the probability of experiencing a data breach?
Unfortunately, the majority of organizations will likely experience a data breach, and in many cases, they will experience more than one! In fact, a stunning 83% of companies reported having been breached multiple times.
Statistically, the U.S. leads the world in data breaches by country, with 212.4 million users affected in 2021, up from 174.4 million in 2020. In 2021 alone, almost half (45%) of all U.S. companies reported having experienced a breach.
More broadly, with increased SaaS diversity and multi-cloud environments, this trend has only accelerated across the board. Recent joint research with the Cyentia Institute found that 98% of all organizations have at least one vendor that’s experienced a breach in the last two years (a fact that the SEC also cited in its recent cyber disclosure requirements).
What is the impact of remote work environments on data breaches?
One factor that has led to an increase in cybersecurity incidents is the growth of remote or hybrid work environments. As more companies adopt policies allowing employees to work from home, the decentralization of IT resources creates many new opportunities for malicious actors to exploit. No longer can businesses rely on protecting access to a single on-site network to defend their data. Now, each employee’s network presents a potential access point.
The effect of remote work on an organization ties directly into the cost of a data breach. For companies with only one in five employees working remotely, the average cost of a breach in 2022 was $3.99 million. But, according to IBM, that cost increases steeply for companies with 81% of the workforce working remotely, up to a staggering $5.1 million.
Are small businesses affected by data breaches?
Historically, the largest businesses presented the biggest targets for cybercrime, but in more recent years the focus of attacks has been shifting to smaller, more vulnerable targets.
Smaller organizations are seeing an increasing frequency of data breaches, with an estimated 28% of all breaches affecting small businesses. Even more alarming, small business data breaches skyrocketed 152% globally between 2020 and 2021, while large business data breaches only increased by 75% over the same period.
What was the most significant contributor to the cost of a data breach?
While there are many factors that contribute to the cost of a data breach, including the type of attack, industry, and number of records compromised, the single largest contributing factor is simply time. The longer it takes a business to identify and respond to an attack, the more time is available for cybercriminals to compromise additional sensitive data. On average, companies that were able to contain a breach in less than 30 days saved over $1 million in costs.
Regrettably, the average time to discover a cybersecurity breach is 206 days. This is compounded by companies needing an additional 70 days on average to remedy the attack once it has been detected, and the lasting effects can drag on much longer. Notably, 33% of the total cost of a breach is estimated to arise more than a year after the breach occurs.
How can you reduce the cost of a data breach?
For businesses seeking to mitigate the cost of a data breach, the best method is prevention. Employing strategies such as a “Zero Trust” approach, properly securing files containing sensitive data, and incorporating security AI and continuous cybersecurity monitoring can substantially reduce the threat of a cybersecurity breach.
Although no solution offers 100% protection from data breaches, there are additional steps that can be taken to lower the cost and consequences of cyberattacks. An effective risk management strategy is one such method to minimize the impact of incidents on an organization. In the event of a data breach, having an incident response plan prepared and putting that plan into practice significantly reduces the time needed to begin employing containment strategies. The plan should include guidance for responding to a cybersecurity incident from the detection stage through the recovery phase.
Additional data breach statistics
A few more cybersecurity statistics to note for the probability of a data breach include:
- A new cyberattack occurs somewhere every 39 seconds.
- 75% of companies say a data breach has caused a material disruption to business processes.
- 65% of companies say a data breach has had a negative material impact on their reputation.
- 65% of IT professionals worldwide say the severity of attacks has increased.
And yet:
- 87% of organizations reported that they do not have sufficient budget to provide their desired levels of cybersecurity.
- 77% of organizations surveyed do not have a formal cybersecurity incident response plan.
- 40% of companies continue to deploy completely manual disaster recovery processes.
Prevent data breaches with SecurityScorecard
For many companies, despite data breaches being a top concern, the process of mitigating cybersecurity threats is still viewed as an insurmountable challenge. Implementing new security processes and procedures can be both expensive and time-consuming, and also requires extensive ongoing support for monitoring and response. If this is the case for your organization, SecurityScorecard can help.
SecurityScorecard offers automated, real-time threat detection and notification services that give your business the fastest response time to remediate vulnerabilities and prevent data breaches. You will also receive comprehensive reports to better communicate security priorities and monitor trends and threats. By proactively scanning for hidden risks, SecurityScorecard provides peace of mind and superior protection for your most sensitive information.
There are additional proactive services to help battle-test your defenses before a breach, including penetration testing, red teaming, and tabletop exercises.
In the case of a data breach, deploy SecurityScorecard’s Incident Response team, which can help you quickly triage the situation, stop further damage, offer communication guidance, investigate the source, and provide actionable post-incident reporting.