The Cost of a Data Breach in 2022 and Sensitive Content Communications
In their latest annual “Cost of a Data Breach Report,” IBM and the Ponemon Institute found that the average cost of a data breach rose again in 2022, reaching $4.35 million (up 2.6% from $4.24 million in 2021). More than 8 in 10 of the organizations surveyed reported having suffered more than one breach. That is only the average; serious breaches have left companies reeling from multimillion-dollar losses, brand damage, and legal battles over regulatory compliance violations, including hefty fines from regulators. Attacks on the supply chain have also grown more frequent over the past two years, which pushes the potential cost of a breach higher still.
What Is a Data Breach?
A data breach is unauthorized access to, or disclosure of, confidential information. Breaches occur when sensitive content communications are intercepted, when data compliance requirements are not followed, or when data privacy is not adequately protected. Email is one of the most common channels: messages can be intercepted in transit by a man-in-the-middle attacker, or the channel itself can be abused through phishing, identity theft, business email compromise, or malware delivered as attachments or links.
Data breaches can also occur because of insider threats—both intentional and accidental. Improper disposal of data and loss or theft of equipment are other causes. The types of data breaches vary depending on the data compromised and how it was obtained. Sensitive content communications contain information like credit card numbers, Social Security numbers, bank account details, and other types of personally identifiable information (PII). In response to the frequency of attacks and successful breaches, various government and industry organizations have passed data privacy laws and regulations. Examples of these data privacy laws and regulations include the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), Data Protection Act 2018, and California Consumer Privacy Act (CCPA).
For individuals, data privacy is the right to determine who has access to one’s personal data and what they can do with it. Organizations must have the controls and tracking in place to produce an immutable audit log demonstrating that customer, employee, and partner private data is protected. Data privacy also extends to the information organizations use to run their business: clinical research data for pharmaceuticals, schedules and production plans for manufacturers, source code and go-to-market plans for technology companies, and supply chain and logistics details for retailers, to name just a few.
Organizations need to protect their sensitive content communications by encrypting them and allowing only authorized parties to access, send, share, or modify them. Sensitive content sent via email, file sharing, web forms, managed file transfer, and application programming interfaces (APIs) must be protected in transit as well as at rest: an email containing private information must be encrypted when it is sent and remain encrypted wherever it is stored. Lost or stolen equipment is the same problem in another form. Sensitive content on laptops and phones should be encrypted at rest, because a device that never reconnects cannot be reached for a remote wipe, and organizations must be able to wipe a lost or stolen device remotely before it is reused elsewhere so that the data on it cannot be recovered.
What Is the Cost of a Data Breach?
With the cost and frequency of data breaches both rising, it is more important than ever to have a plan in place to protect your sensitive content communications. The IBM and Ponemon Institute report found that critical information such as customer or employee records is at the highest risk of loss or theft, with 89% of all security incidents involving such records, and that 60% of reported incidents resulted in at least some loss or theft of critical information. The report also found that 60% of breached organizations raised their prices because of the breach, which is troubling under normal circumstances and more so amid already soaring inflation and supply chain problems.
These statistics are alarming enough, but they do not include the costs of downtime, operational disruption, and compliance issues. For sensitive content communications, a consolidated platform that takes a defense-in-depth approach, including end-to-end encryption, a hardened appliance, and multi-factor authentication among other controls, is vital. Managing email, file sharing, SFTP, SMTP, MFT, web forms, and APIs from one platform lets an organization define and enforce the same policies across every channel, without having to build separate visibility and reporting for each silo. Maintaining those silos separately is especially hard for organizations already stretched thin in recruiting and retaining IT, security, and compliance staff.
How Common Are Data Breaches?
Data breaches are becoming more and more common. Some 6 billion records were breached last year alone, and as businesses collect ever more data on their customers, that number is expected to keep growing. Organizations should weigh these numbers when reviewing their cybersecurity measures: a breach that might once have been an inconvenience can now cost far more, and controls bolted on afterward are costlier than controls designed in from the start. Breaches bring problems such as revenue decline and lawsuits. With breaches occurring regularly and showing no sign of slowing, the best thing organizations can do is step back and analyze where the vulnerabilities in their systems lie.
Who Is Behind Data Breaches?
Constant attempts by cybercriminals to steal sensitive information, and by hostile nation-states to acquire classified information, make it increasingly difficult for organizations to keep their data safe in a changing digital landscape. Cybercriminals operate with different business models: some deploy ransomware and extort payment from victims, while others sell stolen personal data on the black market or ransom it back to the victims. Hostile nation-states have also been blamed for stealing confidential information from private corporations and government entities alike. There are nonetheless numerous preventive measures organizations can take to reduce the likelihood of a breach.
How Data Breaches Create Data Privacy and Compliance Challenges
Data breaches have always created compliance challenges for organizations, but the complexity has grown in recent years as governmental and industry regulatory bodies have introduced new rules to protect private data from cybercriminals and hostile nation-states. It is therefore more important than ever for organizations to protect their data and to demonstrate compliance with every regulation that applies to them. A cybersecurity risk management approach is the starting point. For sensitive content communications, organizations must have practices in place to identify, assess, and mitigate threats. A comprehensive model must control who can access private information, who can modify it, who is notified when changes take place, and to whom it can be sent or shared. These data privacy policies need to be defined and enforced centrally, so that the organization can demonstrate compliance with regulations such as HIPAA, GDPR, CCPA, and the Data Protection Act 2018.
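As an added illustration of the two controls this page keeps returning to, the immutable audit log mentioned under data privacy and the central policy over who may access, modify, send, or share private content and who is notified, here is a small Python model. It is an example written for this page, not Kiteworks code, and assumes nothing about any vendor’s API. A single policy table decides each request; every decision, permitted or denied, is appended to a hash-chained log in which each entry commits to the previous entry’s hash, so altering or deleting an earlier entry is detected. The roles, classifications, users, and recipient domains are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional

GENESIS = "0" * 64  # value the first log entry chains to

# Constructed central policy (hypothetical roles, classifications and domains).
# For each classification: which roles may perform each action, who is notified
# when content is modified, and which recipient domains it may be sent to.
POLICY = {
    "PHI": {
        "view": {"clinician", "privacy_officer"},
        "modify": {"clinician"},
        "send": {"clinician"},
        "notify_on_modify": ["privacy_officer"],
        "recipient_domains": {"hospital.example"},
    },
    "FINANCIAL": {
        "view": {"analyst", "auditor"},
        "modify": {"analyst"},
        "send": {"analyst", "auditor"},
        "notify_on_modify": ["auditor"],
        "recipient_domains": {"bank.example", "regulator.example"},
    },
}


@dataclass
class AuditLog:
    """Append-only log in which each entry commits to the hash of the previous
    one, so editing, reordering or deleting an earlier entry breaks verify()."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(body: dict) -> str:
        # Canonical JSON (sorted keys) so the same event always hashes the same way.
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {**event, "seq": len(self.entries), "prev": prev}
        entry = {**body, "hash": self._digest(body)}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body.get("seq") != i or body.get("prev") != prev:
                return False  # an entry was removed, reordered or re-chained
            if self._digest(body) != entry["hash"]:
                return False  # an entry's contents were altered after the fact
            prev = entry["hash"]
        return True


def authorize(log: AuditLog, user: str, role: str, action: str,
              classification: str, recipient: Optional[str] = None) -> dict:
    """Evaluate one request against POLICY, record the decision, and return it."""
    rules = POLICY.get(classification)
    allowed, reason = False, "unknown classification"
    if rules is not None:
        if action not in ("view", "modify", "send"):
            reason = "unknown action"
        elif role not in rules[action]:
            reason = f"role {role} may not {action} {classification}"
        elif action == "send":
            # Only the domain after the last '@' is checked; a missing or
            # malformed recipient yields an empty domain and is denied.
            domain = recipient.rsplit("@", 1)[-1].lower() if recipient and "@" in recipient else ""
            if domain in rules["recipient_domains"]:
                allowed, reason = True, "recipient domain on allow-list"
            else:
                reason = f"recipient domain '{domain}' not allowed for {classification}"
        else:
            allowed, reason = True, "role permitted"
    notify = list(rules["notify_on_modify"]) if allowed and action == "modify" else []
    decision = {"user": user, "role": role, "action": action,
                "classification": classification, "recipient": recipient,
                "allowed": allowed, "reason": reason, "notify": notify}
    log.append(decision)  # every decision, permitted or denied, is recorded
    return decision


if __name__ == "__main__":
    log = AuditLog()
    authorize(log, "alice", "clinician", "view", "PHI")
    authorize(log, "bob", "analyst", "send", "PHI", "dr@hospital.example")      # wrong role
    authorize(log, "alice", "clinician", "send", "PHI", "dr@webmail.example")  # wrong domain
    authorize(log, "alice", "clinician", "modify", "PHI")                      # notifies privacy_officer
    for e in log.entries:
        print(e["seq"], e["user"], e["action"], "ALLOW" if e["allowed"] else "DENY", e["reason"])
    print("log intact:", log.verify())
    log.entries[1]["allowed"] = True  # someone edits a stored denial into an approval
    print("log intact after tampering:", log.verify())
```

The hash chain only makes the log tamper-evident relative to its newest hash; whoever can rewrite the whole file can recompute the chain. In practice the head hash is periodically written somewhere the log writer cannot change (write-once storage, a signed timestamp, or a separate system), and denied decisions are kept alongside permitted ones, since a run of denials is exactly the signal an analyst wants to see.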
How Data Breach Cost Varies Across Industry Segments and Regions
Data breaches cost organizations in every industry segment millions of dollars. According to IBM and the Ponemon Institute, the average cost per lost or stolen record varies by industry, ranging from $148 (in healthcare) to $258 (in manufacturing). Per-record and per-breach figures rank industries differently because the number of records exposed in a typical breach also varies by industry.
Healthcare breach costs have topped all other industries for 12 years straight, reaching $10.10 million per breach in 2022, a 41.6% increase over 2020. Financial services firms are next at $5.97 million per breach, followed by pharmaceuticals at $5.01 million, technology at $4.97 million, and energy at $4.72 million.
That healthcare and financial services are perhaps the two most heavily regulated industries is likely related to their higher costs: greater visibility, together with more frequent and larger fines and penalties, pushes breach costs up. Yet for sensitive content communications with third parties, healthcare and financial institutions report being ill-prepared, with only half of financial companies and 45.5% of healthcare organizations believing they are well protected against third-party content communication risks.
By country and region, the U.S. tops the list at $9.44 million per breach, followed by the Middle East at $7.46 million, Canada at $5.64 million, the U.K. at $5.05 million, and Germany at $4.85 million. Brazil saw an alarming jump in 2022, rising 27.8% from $1.08 million to $1.38 million.
Despite this news, companies can prepare for potential cyberattacks and significantly reduce their risk exposure, both proactively through improved cybersecurity measures and reactively through faster incident detection and response. For sensitive content communications, that means integrating the tools that handle them, preferably a single platform, with incident detection and response systems such as security information and event management (SIEM) and security orchestration, automation, and response (SOAR), so that access, sharing, and policy-violation events feed the same detection pipeline as the rest of the estate. The impact of a breach on brand is bigger in some industry segments than others: retailers, for example, need to anticipate how a breach will affect customer loyalty and trust, corporate reputation, long-term financial performance, and stock price. Whatever the industry, how quickly a company responds to a breach helps determine whether it recovers quickly or suffers irreparable damage.
Why a Private Content Network Is Key to Protecting Sensitive Data
As the cost of data breaches continues to rise, a private content network for sensitive content communications becomes more important than ever. A private content network reduces the likelihood of unstructured data breaches by providing centralized governance, compliance, and security, so that data stays protected and the organization stays within its compliance obligations. Since the cost of remediating a breach alone keeps growing, mitigating unstructured data breaches related to sensitive content communications matters more every year.
The Kiteworks platform enables customers to create a Private Content Network that unifies, controls, tracks, and secures sensitive data like PII, financial records, critical IP, private legal information, and more. Kiteworks allows organizations to establish and enforce their own security and compliance policies that govern all their digital content communications. This also enables them to produce audit logs of private content communications for compliance regulations and to demonstrate regulatory compliance to customers seeking solutions that meet standards such as FedRAMP Authorization and the Australian Information Security Registered Assessors Program (IRAP).
To learn how a Kiteworks-enabled Private Content Network can help your organization mitigate the risk of a data breach, schedule a custom demo today.
Additional Resources
- White Paper: Manage Your Data Privacy Exposure Risk for 2023
- Report: Benchmark Your Sensitive Content Communications Privacy and Compliance
- Fact Sheet: How to Create a Private Content Network That Is IRAP Compliant
- Blog Post: Best Secure File Sharing Use Cases Across Industries
- Blog Post: 12 Essential Secure File Sharing Software Requirements