The Cost of a Data Breach Report 2021 – The Key Findings
Earlier this year, the Ponemon Institute released its annual Cost of a Data Breach Report. Now in its 17th year, the 2021 report stands as a benchmark in the cybersecurity industry. This year’s report offers insights into cyber breaches from May 2020 to March 2021 alongside recommendations on how to reduce business risk. In this article, we’ll list several key findings from the report and highlight proven security solutions that could help your business.
Key Findings
The key findings within the report are based on IBM Security analysis of the Ponemon Institute's research data. Some of the most revealing trends include:
- The average cost of a data breach saw the largest single-year increase in seven years, rising by 10% to an all-time high of $4.24 million.
- Remote working and digital transformation due to the global pandemic increased the average cost of a data breach. There was a $1.07 million cost difference where remote work was a factor in causing a breach.
- For the 11th consecutive year, healthcare had the highest average industry cost of a breach. Costs also surged in the public sector.
- Lost business represented the largest share of breach costs at an average total of $1.59 million.
- A customer’s personally identifiable information was the most common type of record lost. It was included in almost half of breaches, costing businesses $180 per record.
- Compromised credentials were the most common initial attack vector and were responsible for 20% of breaches.
- The average breach took 287 days to identify and contain. The longer it took to identify, the more costly the breach.
- Compliance failures were the top factor found to increase data breach costs. The failures amplified costs by $2.3 million compared to organisations with high levels of compliance.
- Ransomware continued to be the most expensive type of breach, costing businesses on average $4.6 million.
Solutions Successful in Reducing the Cost of Data Breaches
Within the report, there were several key findings that included success stories. The following security measures helped organisations to reduce the cost of a data breach:
- Incident Response Planning - organisations that had formed incident response teams and tested plans experienced data breach costs that were $2.46 million less than their counterparts.
- Cybersecurity AI and Automation - organisations with fully deployed cybersecurity AI solutions and automation decreased the average time to identify and contain data breaches, resulting in an 80% reduction in cost. That is a $3.81 million difference in overall cost.
- Zero-Trust Approach - while only 35% of organisations had implemented a zero-trust security approach, those that had reduced the average cost of a data breach by $1.76 million.
- Cloud Modernisation Maturity - companies that were further along in cloud modernisation maturity were able to identify and contain breaches 77 days faster than those in the early stages of cloud migration.
Recommendations to Protect Your Business
The 2021 report clearly shows that the cost of a data breach is continuing to rise, and the need to mitigate and respond to these threats is more important than ever. To help reduce the risk and cost of a breach should your business fall victim, the report recommends the following:
- Invest in security orchestration, automation and response to help improve detection and response times.
- Stress-test your incident response plans to increase cyber resilience and optimise your ability to respond quickly and effectively to attacks.
- Adopt a zero-trust security model to prevent unauthorised access to sensitive data.
- Use tools to gain deeper visibility and help protect and monitor endpoints and remote employees.
- Invest in governance, risk management and compliance programs so you can evaluate risk and track compliance.
- Protect sensitive data in cloud environments and reduce the volume of sensitive data that is vulnerable by using policy, data classification and encryption.
- Embrace an open security architecture and managed security services to minimise the complexity of your IT and Security environment.
To find out more about the cost of a data breach, read the full report today. If you’d like to assess how vulnerable your organisation is to a data breach, get in touch with the InfoTrust team for a health assessment.