Many fail to recognize the true importance of security until they are hit by an attack – and particularly when it costs them money. And it does cost money. Lots of money. According to the 2021 IBM Cost of a Data Breach Report, every stolen record costs big bucks. “Customer PII was also the costliest record type, at $180 per lost or stolen record. The overall average cost per record in the 2021 study was $161, an increase from $146 per lost or stolen record in the 2020 report year,” IBM found.
PII was not only the most expensive but was the most commonly breached, accounting for 44% of all stolen records.
These records are often found in files, and a single sensitive file can contain hundreds or even thousands of records. One misdirected or stolen email attachment can cost a small fortune.
Overall Breach Costs Spiking
The IBM 2021 data breach cost report found that costs rose 10% in the last year, the biggest increase in the last seven years. “Data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in the history of this report. Costs were significantly lower for some of the organizations with a more mature security posture, and higher for organizations that lagged in areas such as security,” IBM found.
COVID and Remote Work Boost Breach Costs
With employees working from home due to COVID restrictions, a lot can go wrong with files. And breaches are an expensive certainty. “The average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor. The percentage of companies where remote work was a factor in the breach was 17.5%,” IBM said. “Additionally, organizations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches than those with 50% or less working remotely. IT changes such as cloud migration and remote work increased costs, yet organizations that did not implement any digital transformation changes as a result of COVID-19 experienced $750,000 higher costs compared to the global average, a difference of 16.6%.”
The Unhealthy Healthcare Example
Healthcare breaches, at $9.23 million per incident, are the most expensive of any industry, according to the IBM analysis. Meanwhile, “Nearly half (44 percent) of the breaches analyzed in the report exposed customer personal data, including healthcare information, names, emails and passwords,” IBM found.
Breaches Taking Longer to Find
It takes on average 287 days to discover, identify and contain a health care data breach. “Data breaches that took longer than 200 days to identify and contain cost on average $4.87 million, compared to $3.61 million for breaches that took less than 200 days. Overall, it took an average of 287 days to identify and contain a data breach, seven days longer than in the previous report. To put this in perspective, if a breach occurring on January 1 took 287 days to identify and contain, the breach wouldn’t be contained until October 14th. The average time to identify and contain varied widely depending on the type of data breach, attack vector, factors such as the use of security AI and automation, and cloud modernization stage,” the IBM report found.
How Zero Trust Lowers Breach Costs
Zero trust security is helpful in blocking breaches and mitigating the impact of any breakthroughs. “The average cost of a breach was $5.04 million for those without zero trust deployed. Yet in the mature stage of zero trust deployment, the average cost of a breach was $3.28 million, $1.76 million less than organizations without zero trust...” IBM found. Unfortunately, too few adopt zero trust. “Results from the study showed that just 35% of organizations had implemented a zero trust security approach. However, those in the mature stage of their zero trust deployment had an average breach cost that was $1.76 million less than organizations without zero trust,” IBM argued. “As organizations have shifted to incorporate remote work and more disconnected, hybrid multi-cloud environments, a zero trust strategy can help protect data and resources by making them accessible only on a limited basis and in the right context.”
Encryption Mitigates Costs
One vital aspect of zero trust is encrypting files and records. This alone dramatically cuts the cost of a data breach. “In an analysis of 25 cost factors that either amplified or mitigated the average total cost of a data breach, use of high standard encryption was third among cost mitigating factors, after mature use of AI platforms and mature use of analytics,” IBM found. “Organizations using high standard encryption (using at least 256 AES encryption, at rest and in motion), had an average total cost of a breach of $3.62 million, compared to $4.87 million at organizations using low standard or no encryption, a difference of $1.25M or 29.4%.”
How Secure Managed File Transfer (MFT) Software Helps
Many data breaches occur when files are moved within your organization or to partners and other organizations with a vested interest. These breaches come with GDPR investigations and often crippling fines. With MOVEit Managed File Transfer (MFT) from Progress, you can establish secure collaboration and automated file transfers of sensitive personal data. These files are not only moved safely, but they also include encryption and activity tracking to ensure compliance with GDPR, as well as PCI and HIPAA.
By default, all files sent outside of the company should be handled in a secure and trackable way – which is what an MFT solution provides.
With MOVEit, you no longer rely upon your employees emailing personal data to other employees or outside entities, or using insecure file-sharing services. With secure MFT software, you can eliminate user error and track and report the details of every file transfer.
Learn About Data Protection from the Experts
Discover what data protection is all about from the experts at Osterman in the What Decision-Makers Can Do About Data Protection guide, then learn how MFT locks down sensitive data. In this guide, Osterman Research shares what security leaders should be focusing on and how to prepare your organization for total data protection.
In What Decision-Makers Can Do About Data Protection, you will learn:
- Areas of concern for decision-makers
- How to protect against data loss by employees
- What decision-makers should do to protect data
- And More!
Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.