The cost of a data breach in the U.S. amounts to, on average, over $7M per breach — double the global average. Compound this cost with the fact that 2017 had the highest number of reported data breaches in the past 11 years, followed closely by 2018, and it’s readily apparent that the country has reached a crisis point, wherein increased investment in robust cybersecurity is necessary.
NewtonX conducted a survey with 100 executives at companies with 500+ employees who have experienced a data breach in the past ten years, as well as with 50 cybersecurity and data protection experts at the top 15 biggest cybersecurity firms in the country. The data and insights in this article are informed by the results of this survey.
Why Data Breaches are Getting Worse
The Identity Theft Resource Center (ITRC), a non-profit that tracks reported breaches at US businesses, government agencies and other organizations, reports that in 2005 there were just 157 data breaches. Compare that to 2017, which had 1,579 attacks, and 2018, which had 1,244 attacks. That means that over the past ten years, data breaches have increased eight times over in frequency.
This is due, in part, to better processes and culture surrounding disclosure of data breaches. However, it also reflects an uptick in criminal activity and vulnerabilities in the databases of many major companies. In other words, hackers are advancing at a faster rate than legacy data security systems are.
There are a few reasons why this is the case. One is that implementing robust, company-wide cybersecurity infrastructure is incredibly expensive and time-consuming, particularly for global companies with millions, if not billions, of data points, many of which are highly sensitive. The other reason data breaches have been on the rise is that as systems become more and more complex, they invariably create more opportunities for vulnerabilities. A hacker only needs to find one vulnerability, while companies need to constantly monitor for any vulnerability. The hacker’s job is much easier. Because of this, many companies employ an independent third party to perform penetration testing to identify security vulnerabilities so that the company can patch them before a malicious hacker discovers them.
Every Record Stolen From a Company Costs $148 – Here’s Why the Costs are so Steep
Costs associated with data breaches vary greatly from industry to industry. Healthcare is by far the most expensive industry to have a data breach in, with an average cost of $380 per record breached, primarily because of the sensitivity of the data and the laws that govern its protection and access. Similarly, the second most expensive industry to have a data breach in is the financial sector, where access to sensitive data can cost individuals and the company itself millions.
Across industries, though, there are four key reasons why data breaches cost so much:
- Loss of business
- Detection and escalation (verify the extent of the breach and the response)
- Communications and crisis management (public relations)
- Post-breach infrastructure repair
Breaches cost less in less developed economies, where lawsuits and loss of business don’t have as big an impact.
A $2.7M Security System vs. a $7M Data Breach: the Rise of Cybersecurity
As we recently wrote, corporations are increasingly investing in robust and aggressive cybersecurity suites. The average cost of security automation is significantly less than the average cost of a data breach – and with more and more high-profile companies falling prey to major malicious hacking attacks, most companies in the U.S. are jumping on board with cybersecurity automation and penetration testing.