
The eye-watering cost of a data breach to organisations in 2020

If your business gets attacked, it could cost millions to put things right.

Companies are forking out millions of dollars to mitigate the consequences of cyberattacks, according to research revealing the average cost of a data breach.

The Cost of a Data Breach 2020 report — carried out by Ponemon Institute on behalf of IBM — found the average cost of a data breach in 2020 is a hefty $3.8m.

Emily Orton is co-founder of cybersecurity firm Darktrace, which uses an AI system it says can detect and mitigate attacks in real time.


“I think the cost is going up and we’ve seen an increase in attacks this year, particularly as it’s been a bit of a free-for-all in terms of opportunistic cybercrime during the pandemic,” she says.

“A lot of people have been caught short, not just from an organisational perspective, but also from an individual perspective — users being targeted because of the confusion and uncertainty caused by Covid-19.”

Where in the world is the cost of a data breach highest?

To determine the average cost of a data breach, researchers from the Ponemon Institute conducted in-depth interviews with individuals at organisations targeted by an attack between August 2019 and April 2020. In total, 524 companies in 17 countries, across 17 industry sectors, took part.

While the global average cost is $3.8m, there are seven countries and regions where the figure is higher — with the United States topping the list:

Industries hit hardest by the cost of data breaches

Healthcare is hit with the highest costs according to the study, although the cost of a data breach is above average in eight other industries:

What kind of costs do businesses face?

While businesses may have to pay a large ransom if information is stolen, the cost of a data breach can run much deeper.

Orton says: “When we talk to our customers the biggest concern for them isn’t extortion through things like ransomware attacks; they’re quite used to those because they’ve been around for a while.

“It’s more the less tangible and harder-to-quantify cost: the existential threat of losing customers. For example, an outage that causes an e-commerce site to be down for several days is not always a disruption they can survive because the market is extremely competitive and customers will go elsewhere because they expect a certain level of service.

“Factories are another great example. If they have to manufacture ten thousand units to hit targets and get them to their suppliers, there’s a whole supply chain that’s based on that infrastructure working and a business can’t afford to say ‘oh, sorry, we’ll just work this out in two days and we’ll get back to you’.

“The upfront costs are just the tip of the iceberg.”

How to minimise the cost of a data breach

Orton says steps can be taken in an attempt to minimise the cost of a data breach.

“If you’re at that point executing a disaster recovery plan, I think all the things about good communication and being transparent with your stakeholders become really important,” she says.

“There’s a huge amount of footprint that an attacker will have across all your systems, and I think one thing that we’ve seen is that you want to have a security approach that spans all corners of the digital infrastructure.

“Today that doesn’t just mean tables and routers in an office building, it means your email system, Teams, Zoom and Dropbox. You have to be across it all because if you only do some parts the criminals are going to find your blind spots.”
