A data breach can cost millions — and you might be paying it

According to a recent report from IBM Security, data breach costs are constantly on the rise. Unfortunately, this spells bad news not just for the companies involved, but also for the customers — in more ways than one.

The report, which states that an average data breach is now estimated to cost $4.4 million, exposes the fact that the skyrocketing costs of data breaches directly affect the prices paid by the end customer.

A dark mystery hand typing on a laptop computer at night.
Andrew Brookes/Getty Images

As the number of cyberattacks continues to rise, having nearly doubled since last year, hackers keep finding new ways to break the defenses of various companies. When it comes to cybercrime on a larger scale, a data breach can affect millions of people when their data gets leaked. This can be seen both in nation-state attacks and in private companies that are sometimes told to pay a ransom in order to secure the leaked data.

The report prepared by IBM Security focuses on the costs of a data breach and compares them to the previous years. Unfortunately, the prices keep going up. The average data breach is now at an all-time high of $4.4 million, which is a 2.6% increase from last year, and a massive 13% bump when compared to 2020.

A lot of the analyzed data breaches affected some of the most crucial industries and their most critical infrastructure, such as financial services, technology, energy, healthcare, education, communication, transportation, and the public sector. Those breaches were estimated to cost an average of $4.8 million, which is up to $1 million more than what was paid by less critical organizations. Healthcare data breaches were the most expensive of all, with an average $10.1 million estimate and a nearly $1 million increase from the previous year.

To obtain these results, Ponemon Institute (sponsored by IBM) surveyed 550 organizations that experienced data breaches between March 2021 and March 2022. Up to 11% of data breaches were the result of ransomware attacks. This also marks an increase — in 2021, that number was at 7.8%. The report estimates that up to 16% were caused by phishing attacks, and finally, that nearly a fifth of all the data breaches took place because of compromised credentials.

A large monitor displaying a security hacking breach warning.
Stock Depot/Getty Images

It goes without saying that a data breach bears major consequences for both a company and its customers. A recent cybersecurity breach took Nvidia’s systems down for two days. Similarly, large-scale cyberattacks result in data leaks that affect millions of people, often containing very sensitive information. Just this month, an anonymous hacker was able to break into the Shanghai police department’s database, resulting in a staggering leak — up to 1 billion people’s data has been extracted. Smaller databases get hacked regularly, too, such as this recent Neopets breach that leaked up to 69 million records, which were then put up for sale for crypto.

Beyond the fact that personal data gets leaked and can be misused, the growing costs of a data breach are shouldered not just by the affected companies, but also their customers. According to the report, more than half of the surveyed organizations admitted to the fact that the costs of data breaches have been worked into the pricing of their products and services. This means that the customers were made to pay higher prices because of the rising costs of cybersecurity threats.

The average $4.4 million price of a data breach can be broken down into various smaller payments. These include ransom payments as well as the costs of investigating the cause of the attack, containing it, and then preventing it from happening again. Some of the costs only show up long after the breach was contained, such as lost sales and regulatory fines. On average, half of the costs related to a given breach were incurred a year or more after it took place.

Editors’ Recommendations






Leave a Comment

Your email address will not be published.