The real cost of a cyber breach in 2023 can be enormous... and is the most direct answer to the question, "Why invest in cybersecurity?"
The transition to the digital landscape has led to a spike in cybersecurity threats: online threats have jumped a staggering 81% in the past three years, making cybersecurity a top priority for every business. Even so, many teams still underestimate the cost of successful cyber breaches beyond the initial financial aspect.
Why? Because the costs can add up quickly when a business is hit with a cyber breach. From customer data loss to financial losses and reputational damage, cyber breaches can seriously affect any organization. That’s why it’s essential for businesses to invest in cybersecurity measures to protect themselves from malicious attacks.
Today, we dive into what constitutes the "real" cost of a cyber breach in 2023 (and, of course, how to counteract it).
The Costs of Cyberattacks Are On the Rise
As the years pass, we see a dramatic rise in the cost of cybersecurity breaches. The '17th Cost of a Data Breach' report by IBM states that the global average cost of a data breach is $4.35M. These attacks include phishing, business email compromise, vulnerabilities, compromised credentials, and more.
What’s more concerning is that cyberattacks in the past few years have become far more advanced, coordinated, and hard to detect. Just last year in October 2022, fast fashion brand SHEIN was fined US $1.9M over a data breach, affecting 39 million customers. In January last year, the Crypto.com cyberattack led to the theft of $18 million worth of Bitcoin and $15 million worth of Ethereum.
Flash forward to this year: genomics and biotechnology company 23andMe confirmed in a press release that threat actors had obtained a significant portion of user data. Representatives of the organization stated that the hackers in question had successfully accessed “certain accounts” of 23andMe users who used passwords that were not unique to the service.
This announcement from 23andMe came two days after the hackers involved advertised an alleged sample of 23andMe user data on the hacking forum BreachForums; in this advertisement, they offered to sell individual profiles for anywhere between $1 and $10. The sample, which has been viewed by cybersecurity news outlets such as TechCrunch, contained the alleged user data of over 1 million users of Jewish Ashkenazi descent. There are an estimated 800,000 cyberattacks per year in 2023, with that number predicted to continue to rise annually.
Given that healthcare and healthcare-adjacent organizations are the most likely to be targeted, this raises the question: what can individuals (and organizations) do to better safeguard their data online?
An Example of Preventative Cybersecurity Measures at Work
As a side note, one of the best examples of this is our recent work with the SickKids Foundation. The SickKids Foundation is Canada’s largest hospital-based child health research institute dedicated to improving children's health country-wide. With over 1.5 million active donors, the foundation collects and manages sensitive information; a breach of that information could result in extensive reputational damage and loss of donors.
To ensure their donors’ information is secure, Derek Sutton, the Director for Infrastructure and Enterprise Architecture, recognized the need to improve their security posture. As a part of that effort, he turned to Packetlabs to conduct in-depth penetration testing.
Cybersecurity Breaches (and a Deep-Dive into the Associated Costs)
The cost of a cybersecurity breach is considerable in terms of fines, customer churn costs and repairs to systems, and it can also have long-term implications for an organization. For example, Capital One, one of the biggest banks in the US, suffered a massive data breach, compromising the personal information of over 100 million customers and credit applicants in the US and Canada.
Beyond the cost of business loss, authorities slapped an $80 million fine on Capital One. Equifax, one of the US's largest consumer credit reporting agencies, also suffered a data breach that cost them about $700 million to resolve, including the lawsuits. The company also lost $4 billion due to a drop in the company’s share price.
The Real Cost of a Cyber Breach in 2023: Additional Factors that Contribute to Overall Cost
No matter the type of attack, additional factors such as time to detect a breach and other escalations contribute significantly to the overall cost. Studies have shown that businesses that take longer to identify a security violation often incur higher costs. Stolen or hacked credentials have been among the primary reasons for data breaches. Furthermore, the substantial amount of time taken to detect this issue can cause an additional economic loss of $150,000 above the typical breach cost.
Ransomware attacks cost an additional $4.62M due to the cost of escalation, notification, lost business, and response. This amount, too, was over and above the ransom paid.
Another significant component of cybersecurity breaches is compliance failure costs. In 2022, businesses with high levels of compliance failures faced an average data breach cost of $5M.
The Non-Business Costs of Cybersecurity
According to a recent cost of cybersecurity report by IBM, the non-business costs could span $2.65 million, which is 62.5% of the overall costs of a data breach. According to the IBM report, here are some of the other factors that drive up overall costs:
Lost business costs, including customer churn, downtime, and new business acquisition costs: $1.59M
Detection and escalation costs, including identifying the breach, getting a team, and any external services: $1.24M
Post-breach response, eradication, and recovery processes: $1.14M
Informing regulatory agencies, partners, customers, press releases, and more: $0.27M
Other 'Costs' of Successful Cyber Breaches
The damage of a data breach goes beyond financial losses. There is also the threat of reputational damage and customer loss that can be even more difficult to recover from.
Studies have shown that after an attack, 82% of consumers worry about their personal information being used for malicious purposes, and 72% are concerned about their credit card information being stolen.
The cost of a data breach can be reduced when companies invest in cyber security measures. The aforementioned IBM report also suggests that organizations that deploy AI and automation have a shorter breach lifecycle and save an average of $3M more than those not investing in cybersecurity.
How to Minimize Cybersecurity Risks For Your Organization
1. Use the zero-trust security model: This model assumes that every entry point is a potential threat. Hence, this approach allows data to be accessible only on a limited permission basis. In 2022, organizations with zero trust deployed saved nearly US$1 million in average breach costs compared to organizations without zero trust.
2. Implement risk management and compliance strategies: Proactive risk management can help businesses quickly detect vulnerabilities and safeguard the company from data breaches by minimizing the risk. It also helps in devising an incident response plan.
3. Utilize consistent penetration testing: A skills shortage is one of the significant factors contributing to high data breach costs. Security partners can help businesses conduct penetration testing and minimize vulnerabilities and system misconfigurations.
Costly data breaches can be partially attributed to the current shortage of skilled security professionals. Using third-party security experts to conduct comprehensive penetration testing can help reduce exploitable system misconfigurations and vulnerabilities.
Cybersecurity breaches can devastate a company, leading to serious financial losses and irreparable damage to the business's credibility. With this in mind, leaders must recognize the substantial risks of failing to invest in proper cyber protection measures.
Securing your digital systems from a cyber breach is significantly more cost-effective than dealing with the repercussions of a successful attack.
At Packetlabs, we offer a comprehensive security maturity assessment to provide a health check that evaluates the security within a business and ultimately provides a security road map. By forming a security roadmap, businesses can strengthen their security posture and begin the process of fulfilling contractual, regulatory, and internal stakeholder requirements. This is an essential initial step toward compliance.
Reach out today to learn more about how we can partner with your organization to strengthen cybersecurity.