On an individual company level, IBM's yearly "Cost of a Data Breach" report indicates that the total cost of a data breach is $3.86M (€3.18M) on average. The total cost is not limited to direct costs. The following four cost centers also need to be taken into account:
Detection and escalation (investigation, audit, crisis management & internal communications)
Lost business (downtime cost, loss of customers & reputation damage)
Notification of data subjects (external communications, regulatory requirements, costs related to external experts)
Post-breach activities (fines, help desk costs & legal expenditure)
Other key findings:
Healthcare has the highest industry average cost of $7.13M
Geographically, data breaches cost the most in the USA, with an average of $8.64M
The average time to identify and contain a breach is 280 days
The root causes of data breaches are human errors (23%), system glitches (25%) and malicious attacks (52%)
The majority of malicious breaches are caused by compromised credentials, cloud misconfiguration, a third-party software vulnerability, phishing or a physical security compromise
Data breach protection must include physical security
To counter these attacks, investments in cyber security companies have increased ninefold since 2011 according to Crunchbase, whereas the majority of physical security systems still date back to the 20th century. Investments in physical and digital security must go hand in hand. Traditional security systems offer no certainties. Badges, for example, can easily be passed on, hacked or stolen. This can cost companies as much, or even more, money than a digital attack.
Examples of physical security breaches can include:
Unauthorized access to the server rooms
Office theft or damage
Installation of bugging hardware in critical infrastructure
"Already 10% of malicious breaches are caused by a physical security compromise" - IBM
In 2020, a data security breach cost a company $3.86M (€3.18M) on average
Tips for preventing data breaches
Educate and train employees by offering data security workshops
Organize penetration tests for critical applications
Use different passwords, locking systems and multi-factor authentication for each individual server
Make use of high-grade encryption for sensitive data
Explore the possibility of a biometric access layer in physical security flows
Keep all software and hardware up to date, including physical access systems
Create a software architecture map for a complete overview of application dependencies