IBM Security’s Cost Of A Data Breach Report is released each year. This report is a benchmark report in cyber security and can be of great value to any organization that deals with sensitive data and wishes to avoid costly breaches. This is why you should look into getting commercial data destruction by eCycle now. Protect your company and your assets today!
This report’s primary purpose is to identify trends in cost per data breach and not just the total cost of data breaches globally each year.
The results of the report for this year are alarming. The average cost of a data breach and the cost per compromised data record were at their highest since 2015. The results this year showed the largest increase in the average total cost of data breaches in seven years. This is in line with the 2015 report which saw a decrease in the per-record and total costs of data breaches.
What’s the story? Here’s the complete summary of IBM’s Cost of a Data Breach Report 2021. We also have information about remote work and data breach statistics, and we share details on how IT asset disposition (ITAD) relates to data breach occurrences.
Summary of the IBM Cost of Data Breach Report 2021
The IBM data breach report for this year was full of interesting findings that show a significant shift in how companies worldwide conduct business and manage their security. The key findings from the IBM data breach report reveal that the cyber security industry is trying to keep up with radical transformations in every industry.
With this in mind, we have compiled a summary of the IBM data breach report’s key findings and their significance.
Increase in the Average Total Cost of Breach: 10%
The average cost of data breaches rose from $3.86 million to $4.24 million between 2020 and 2021. This figure represents not only the biggest single-year jump in data breaches that the report has found but also the highest average total breach cost per breach over the entire history of the report.
11 consecutive years with the highest cost per breach in the Healthcare Industry:
The healthcare industry has had the highest average data breach cost and the highest cost per record for 11 consecutive years. Healthcare data breach costs increased by 29.5%, from $7.13 million per year in 2020 to $9.23 million in 2021.
This contrasts with some industries that saw smaller jumps and others that saw a decrease in the cost per breach. The energy sector went from $6.39 million to $4.65 million.
Costs per breach are the highest for any industry. The public sector saw a 78.7% rise in the average total cost from $1.08 million in 2020 to $1.93 million in 2019.
Loss of Business in Total Breach Costs: 38%
IBM’s report found that lost business is the most costly area of all costs.
A data breach can cause a company, or a group of companies, to lose faith in their ability to secure customer data. They are often associated with the breach and the negative publicity that follows is often a result of poor PR.
The result? 38% of all data breach costs are due to lost business, with an average cost per breach of $1.59 million.
Per-record Cost for Personally Identifiable Data: $180
The per-record cost for personally identifiable information is one of IBM’s most important metrics to measure the cost of the data breach. This is the average cost for a customer’s records to be lost in a breach.
The average cost of a data breach was $1161. This means that every record that was lost or stolen in a data breach would cost a company an average of $161. However, this number can vary depending on the type of record.
Personally identifiable information (or PII) was the most frequently lost record (included within 44% of breaches), but it was also the most expensive per-record with each one costing $180.
20% of Breaches Initially Caused by Compromised Credentials
This is a huge issue. We will get into why poor asset disposition can lead to compromised credentials in the future. For now, suffice it to say that compromised credentials were responsible for 1 in 5 global breaches in 2021. Malicious insiders, social engineering, and phishing are other high-cost breach causes. Although business email compromise was only 4% of all breaches, it had an average total cost of just over $5 million.
Average Time It Takes to Identify and Contain a Data Breach: 287 Days
IBM’s study revealed that the average time it took to detect and fix a data breach was 287 days in 2021. This is well over 3/4 of an entire fiscal year.
Cost Multiplier of >50 Million Records vs. Average Breach: 100x
Let’s look at some of the confusing statistics in the study and their significant implications. This means that a breach involving more than 50 million records would cost 100x more on average than an average breach.
These mega-breaches cost an average of $401 million. This is a $9 million increase from the previous year.
Average Cost of a Breach in Hybrid Cloud Environments: $3.61m
Companies that use hybrid cloud environments are in luck: they had the lowest average cost of data breaches compared to on-premise, public, and private cloud models.
Cost differences for breaches with high-level compliance failures vs. low-level breaches: $2.30m
Being compliant with security procedures not only reduces the chance of your company being hacked but also significantly lowers the cost of a breach.
Average breaches resulting from compliance problems at low levels cost $2.3 million more than breaches that result in high-level compliance issues.
It was interesting to note that organizations with high levels of system complexity were more likely to be breached than organizations with lower levels.
Average Cost of Data Breach: $4.24m
Let’s return to the magic number: $4.24 million is the average cost of data breaches in 2021.
This figure was calculated by combining the results of 537 organizations from 17 industries and 17 countries/regions.
Transfer doesn’t find these numbers to be the most important. eCycle is passionate about the issue of data breaches, so even the average cost of a breach at $4.24 million fades into the background.
Cost difference where remote work was a factor in the breach: $1.07m
More people worked remotely in 2021 than ever before. Between 2020 and 2021, more digital transformations occurred than ever before thanks to the COVID-19 pandemic. Many companies moved completely or partially around the world.
The result? $1.07 million more in losses for breaches involving remote work than for breaches involving no remote work.
What does this mean? This means that remote workers are more important than ever for companies all over the world, and they should be more vigilant about their cybersecurity.
What does remote work have to do with data breaches?
Remember how we said earlier that the complexity of a company’s security system was directly related to the total cost of a breach? Systems with lower complexity are more costly than systems with higher levels of sophistication.
A cybersecurity/IT system that manages remote workers and their devices is more complicated than one that connects all workers to a secure network.
Management of IT devices, especially when it is time to dispose of or recycle them, is an important aspect of cybersecurity. This is especially true for industries where breaches can be costly.
The Healthcare industry tops the list again
After a decade-long period as the most expensive industry to suffer a data breach in, healthcare has now been ranked as the highest.
The healthcare industry is heavily regulated (HIPAA anyone?). It can be assumed that many of the breaches in healthcare data and associated costs are due to non-compliance with regulations and industry.
IBM Report: The Cost of Poor Hardware Retirement
It is not surprising that IBM didn’t address the grave issue of asset disposition, which is often overlooked and neglected in cybersecurity. It can often make the difference between secure data or a costly, major breach.
Did you know that the healthcare industry was the most expensive to suffer a data breach? This is usually due to poor data destruction that leaves sensitive data and credentials open to hackers who happen to be paying attention or have the opportunity to grab a laptop from a dumpster.
We offer HIPAA-compliant data deletion as part of our service to the healthcare sector. This ensures that all IT assets are securely and safely destroyed.
Despite this, it’s not the only industry that is affected by poor ITAD (IT asset disposition).
After failing to fully wipe some devices containing personal information, Morgan Stanley was famously sued.
They will have to pay for credit monitoring for customers who may have had their data breached for two years, as well as identity restoration services if the client’s information has been compromised.
Do you want to avoid this fate and that of many other companies that have lost millions as outlined in the IBM report?
eCycle handles all aspects of secure asset removal by destroying data and recycling your used electronics so you can concentrate on your business and your clients.
Are you ready to find out more? Get in touch with us today!
This post was written by Steven Elia, Co-Founder and Recycling Director at eCycle Florida. eCycle Florida is an R2 Certified electronics recycling company in the state of Florida. Our processes and procedures are dedicated to the proper destruction and recycling of your electronics. eCycle Florida is your go-to for Orlando electronics recycling.