The Cost of a Data Breach Report 2021 – The Key Findings
Earlier this year, the Ponemon Institute released its annual Cost of a Data Breach Report. Now in its 17th year, the 2021 report stands as a benchmark in the cybersecurity industry. This year’s report offers insights into cyber breaches from May 2020 to March 2021 alongside recommendations on how to reduce business risk. In this article, we’ll list several key findings from the report and highlight proven security solutions that could help your business.
Key Findings
The key findings within the report are based on IBM Security analysis of the Ponemon Institute's research data. Some of the most revealing trends include:
- The average cost of a data breach saw the largest single-year increase in seven years, rising by 10% to an all-time high of $4.24 million.
- Remote working and digital transformation due to the global pandemic increased the average cost of a data breach. There was a $1.07 million cost difference where remote work was a factor in causing a breach.
- For the 11th consecutive year, healthcare had the highest average industry cost of a breach. Costs also surged in the public sector.
- Lost business represented the largest share of breach costs at an average total of $1.59 million.
- Customers’ personally identifiable information was the most common type of record lost. It was included in almost half of breaches, costing businesses $180 per record.
- Compromised credentials were the most common initial attack vector and were responsible for 20% of breaches.
- The average breach took 287 days to identify and contain. The longer it took to identify, the more costly the breach.
- Compliance failures were the top factor found to increase data breach costs. The failures amplified costs by $2.3 million compared to organisations with high levels of compliance.
- Ransomware continued to be the most expensive type of breach, costing businesses on average $4.6 million.
Solutions Successful in Reducing the Cost of Data Breaches
Within the report, there were several key findings that included success stories. The following security measures helped organisations to reduce the cost of a data breach:
- Incident Response Planning - organisations that had formed incident response teams and tested plans experienced data breach costs that were $2.46 million less than their counterparts.
- Cybersecurity AI and Automation - organisations with fully deployed cybersecurity AI solutions and automation decreased the average time to identify and contain data breaches, resulting in an 80% reduction in cost. That is a $3.81 million difference in overall cost.
- Zero-Trust Approach - while only 35% of organisations had implemented a zero-trust security approach, those that had reduced the average cost of a data breach by $1.76 million.
- Cloud Modernisation Maturity - companies that were further along in cloud modernisation maturity were able to identify and contain breaches 77 days faster than those in the early stages of cloud migration.
Recommendations to Protect Your Business
The 2021 report clearly shows that the cost of a data breach is continuing to rise and the need to mitigate and respond to these threats is more important than ever. To help reduce the risk and cost of a breach, should your business fall victim, the report recommends the following:
- Invest in security orchestration, automation and response to help improve detection and response times.
- Stress-test your incident response plans to increase cyber resilience and optimise your ability to respond quickly and effectively to attacks.
- Adopt a zero-trust security model to prevent unauthorised access to sensitive data.
- Use tools to gain deeper visibility and help protect and monitor endpoints and remote employees.
- Invest in governance, risk management and compliance programs so you can evaluate risk and track compliance.
- Protect sensitive data in cloud environments and reduce the volume of sensitive data that is vulnerable by using policy, data classification and encryption.
- Embrace an open security architecture and managed security services to minimise the complexity of your IT and Security environment.
To find out more about the cost of a data breach, read the full report today. If you’d like to assess how vulnerable your organisation is to a data breach, get in touch with the InfoTrust team for a health assessment.