Backup And Disaster Recovery
September 30, 2022
5 Minutes
The average total cost of a data breach in 2022 is $4.35 million, according to the Cost of a Data Breach Report by IBM. The cost has reached an all-time high compared to previous years.
Let’s explore what factors affect the cost of a data breach, and what organizations can do to minimize damages.
Hackers asked the suburb of Wheat Ridge for $5 million to release its data. This is just one example of how much malicious actors can demand after a ransomware attack.
The cost of ransomware can vary depending on the industry, organization size, type of data stolen, etc. A predominant factor in whether a company decides to pay a ransom is whether it has the systems and protocols in place to restore that data on its own, resume operations, and repair any damages.
The suburb of Wheat Ridge, in the example above, chose not to pay the malicious actors. Its IT team believed it had enough resources in place to restore its databases and return to normal operations. However, at the time of the decision, the city hall had to be closed, and restoring systems would take a considerable amount of time.
In a different industry, the Glenn County Office of Education in California surrendered $400,000 after a ransomware attack. The educational organization decided to pay the malicious actors after two weeks of negotiations.
These two examples differ greatly in the amount of ransom demanded or paid, due to the type of organization affected and the extent of the damage the attack caused. The type of data a company handles also matters.
For instance, sensitive customer data such as PII (personally identifiable information), PHI (protected health information), and other types of protected data can have more value for bad actors. Therefore, without a data recovery plan in place, ransoms for this data could be higher than for other types of data.
Loss of customer trust can have a high price for companies that have been hacked. Although it would be hard to put an exact price tag on lost customer relationships, they could damage the longevity of a business.
Reputation loss, as well as the resources needed to come back after such an attack, can be very costly for a company. For instance, after Uber got hacked by a teenage member of the hacking group LAPSUS$, the ride-share company had to work quickly to report that no user data had been stolen. But with a previously known breach involving many stolen records, it will be more difficult for this company to regain user trust.
Another expense when dealing with data breaches is the ultimate cost of downtime. Downtime can delay operations and deliveries, and damage business reputation as well. In the example above, the Wheat Ridge City Hall closed its services for a whole week. But can other industries survive after going dark for seven days?
The average length of downtime after a cyberattack is 20 days. It has also increased from 15 days in previous studies to the current length. This means that attacks on businesses have become more severe than in the past.
It is no wonder then that 60% of businesses face closure after a data breach. Small to medium-sized businesses should consider establishing a disaster recovery plan, especially since these types of businesses are more likely to be targeted for attacks.
Let's use the NIST (National Institute of Standards and Technology) framework to delineate the most important aspects of protecting an organization's data. The NIST framework, which consists of five steps, is the national standard for cybersecurity and can be easily scaled to fit any organization.
Identify: Which data should your company be protecting? Not all data is sensitive data. Therefore, your organization can focus its resources on identifying the data, software, and equipment that should be protected. Businesses should also identify the people or departments in charge of protecting these assets.
Protect: Follow basic cybersecurity hygiene to add more layers of protection in your organization. Do your employees use MFA (multi-factor authentication) to log into company platforms? Is there an established hierarchy of users so that not all people can access all data? Does your company regularly back up its important data and train employees on cybersecurity goals and requirements?
Detect: Many businesses use basic anti-malware software that is able to detect malicious files. However, hackers are familiar with most of these programs, so consider consulting with a cybersecurity professional and using advanced threat detection for more persistent threats.
Respond: To be able to respond, you need to have a plan in place. Knowing your strategy in case of a data breach will help you return to operations and bounce back faster. Assign a team that knows where backup assets are. Have a contingency plan in case of downtime. Additionally, create a program on how your business can report to the authorities and any customers involved.
Recover: Use your previously constructed recovery plan in the event of a breach to back up your data. Notify your employees and customers of your current recovery efforts so that they know your organization is prepared for the incident.
The average total cost of a data breach reached $4.35 million in the latest security reports. Yet the actual total cost will vary depending on the data your company handles, your industry, and the strength of your strategy to recover.
Data breaches do happen. But with a strong recovery plan, any organization can return to normal operations faster. Consider consulting your in-house IT team or a cybersecurity provider so that a data breach does not stop your business from serving its clients.
Start identifying which areas to focus on when creating a recovery plan in case of a data breach by reviewing our Cybersecurity Checklist: How Covered is Your Business?