Digital technologies are seeping into most aspects of daily life. With more people spending more time on their devices every day, online privacy is a very real concern. Legal, medical, and financial records are now stored virtually on hard drives and cloud servers instead of being filed physically. This is troubling, especially for those involved with these protected industries, because reported instances of cybercrime have more than doubled in the past year. Cybersecurity should be a top priority for all organizations, as a single network breach can cost companies thousands, if not millions, of dollars.

2021 IBM Security Report

For nearly two decades, IBM Security has worked with Ponemon Institute to publish their annual Cost of a Data Breach Report. The document is intended to identify trends, offer insights, and give a detailed update on the current status of business cybersecurity. This year’s report gathered data from nearly 3,500 interviews with over 500 organizations that witnessed a data breach between May 2020 and March 2021. It defines a data breach as an electronic or physical event which puts at risk an individual’s name, debit card, or medical and financial records. The study documented events ranging from 2,000 to 100,000 compromised records—lost or stolen copies of healthcare policies, credit card details, or other personally identifiable information (PII).

Cost by Industry

According to the a report, the average cost of a data breach from 2020 to 2021 increased by 10%, from $3.86 million to $4.24 million. Ransomware breaches were more costly than simple data breaches by about $400,000. The top five industries for average total breach cost were healthcare, financial, pharmaceutical, technology, and energy.

The average total cost for healthcare breaches increased from $7.13 million in 2020 to $9.23 million in 2021, a 29.5% upturn. Fortunately, the energy sector dropped from the second most costly industry to fifth place, decreasing from $6.39 million to $4.65 million (-27.2%). Other industries which saw major increases included media (+92.1%), public sector (+78.7%), hospitality (+76.2%), retail (+62.7%), consumer (+42.9%), communications (+20.3%), and services (+7.8%).

Cost by Cause

The cost of a data breach depends on the size and industry of the company in question. However, for the seventh year in a row, lost business represented the largest share of data breach costs. It accounted for nearly 40% of the average total cost at just over $1.5 million and is attributed to system downtime, lost customers, revenue deficits, business disruptions, and reputation damages.

The second most costly element of breaches were detection and escalation. At an average cost of $1.24 million, they accounted for about 30% of the total cost of an average data breach. The report also documented other cost categories including notification and post data breach response expenses.

Cost by Duration

Data breaches become much more costly the longer they go unaddressed. The full security breach cycle includes time between the first incidence of a data breach and its final containment. It took an average of 287 days to detect and contain a data breach in 2021, up 3% from 279 days in 2019. According to the report, breaches resolved in less than 200 days were $1.26 million or 26% less costly than if they were allowed to remain undetected.

It was also observed that proactive preparation had a significant impact on damages. Companies with adequate security systems experienced considerably lower costs associated with data breaches. Those which lacked cybersecurity protocols witnessed substantially higher recovery costs.

Data breaches are a big deal. They can lead to lost business, legal consequences, and compromised reputations, not to mention identity theft. As businesses bring more of their systems online, their risk of data breaches also increases. Cybersecurity is no longer optional—fill out our free IT assessment or contact us to learn how we can secure your valuable data systems today.