IBM's annual Cost of a Data Breach Report revealed that the cost of a data breach has reached an all-time high of $4.35 million. Costs of data breaches have increased nearly 13% over the last 2 years of the report, and these costs linger for organisations that have suffered a breach, with nearly 50% of the costs being incurred more than a year after the breach.
Among the factors driving costs well beyond standard inflation are:
Since 2019, the rapid migration to cloud services and remote working have been noted as major reasons behind the growth in the number of cyberattacks over the same period.
The IBM study found that 43% of businesses are in the early stages of, or have not started, using security measures across their cloud environments. For these organisations, a breach cost an average of $660,000 more than for organisations with more advanced security practices in their cloud environments.
Businesses need to make sure they approach the move to cloud-first through the lens of security, as those that did not took an average of 108 days longer to identify and contain a data breach than those that did.
Businesses were forced to adopt remote working practices at great speed when the 2020 pandemic hit. According to IBM’s annual Cost of a Data Breach report, data breaches where remote work was a key factor cost an average of over $1 million more than those where it was not involved. In an office environment, some resources may benefit from an additional layer of protection by only being accessible on-premise. If these are then moved to the cloud without appropriate investment in and attention to security, they can be prime targets for cybercriminals.
Perhaps the most significant example of these new vulnerabilities is Windows Remote Desktop Protocol (RDP), a tool which allows users to remotely control office devices. Not only has this increased the potential attack surface for many organisations, but open RDP ports are particularly prized by attackers since they allow them to gain control of an entire machine, significantly increasing the potential disruption they can cause and driving costs up further.
With our new hybrid way of working, organisations need to make sure that they are protecting themselves from at-home security weaknesses.
Cyber insurance premiums have been rising in recent years to reflect the rapid growth in attacks, further driving up the costs of dealing with a security breach. In 2021, the cost of cyber insurance rose by 32% on average compared to the previous year, according to a report from Howden. Many insurers are now even refusing to provide coverage to some organisations, and have openly questioned the viability of cyber insurance as an industry going forward.
Ultimately, the increasing cost and frequency of data breaches deal a double blow to organisations that rely on cyber insurance, increasing costs further by driving premiums higher and reducing the appetite of insurers to take on cyber risk.
There is even evidence to suggest that organisations which are insured are more likely to be targeted by an attack, as cybercriminals reason that ransoms will be more likely to be paid out. When The Record interviewed a member of the group responsible for 2021’s high-profile attack on CNA, a company which offers cyber insurance, the attacker stated that companies offering cyber insurance were valuable targets as their clients are more likely to pay a ransom.
As legislative bodies around the world become more and more aware of the threat posed by cyberattacks, they have also instigated more stringent punishments for organisations which fail to take steps to adequately protect themselves. In the UK, the Information Commissioner’s Office (ICO) handed out £42m in fines in the 2020/21 financial year – a staggering 1580% year-on-year increase.
In the US, there have also been increasing moves towards punishing companies which fail to comply with regulations on cybersecurity. Most recently, in March 2022, web vendor Cafepress were handed a $500,000 fine for failing to adequately protect their data.
Compromised credentials and phishing are the cause of 35% of data breaches, with phishing being the costliest cause, at an average of $4.91 million in breach costs for impacted organisations. Monitoring and detection of breaches is an important part of your security posture, but prevention is better than cure, and investing in your perimeter security will mitigate the likelihood of a breach in the first place. Unfortunately, suffering a data breach is not a ‘lesson learned’, with 83% of studied organisations having experienced more than one data breach in their lifetime.
Enterprises need to tackle this problem head on. Identity Management, or cloud-based Identity as a Service (IDaaS), products such as Single Sign-On (SSO) and Enterprise Password Management can enable the organisation to transition to passwordless authentication and to the use of authentication protocols such as SAML and OIDC.
These IAM solutions protect your organisation from the most common causes of data breaches, passwords, by taking credentials out of the hands of your users so they cannot be compromised or phished. Furthermore, demonstrating you have secured the identities that form the perimeter of your organisation will also help bring down the costs of cyber insurance and non-compliance fines.
By investing in an IAM solution, you are being proactive in defending your data and will minimise the reputational and financial impact of a data breach.