
Every year we cover the most recent report released on the cost of a data breach. No surprise from this year’s report that the cost continues to rise. And healthcare breaches cost the most across all industries. Listen in as we go through IBM’s Cost of Data Breach Report 2021.
In this episode:
Cost of Data Breach 2021 Report – Ep 316
Today’s episode is brought to you by Kardon and HIPAA for MSPs with Security First IT.
Cost of Data Breach 2021 Report
[04:26] Hard to believe, but this is the 17th year the annual cost of a data breach study has been released: the Cost of a Data Breach Report 2021.
As is our custom, we review it and update all of our records. The information is always helpful to us because it provides the stats we need to make decisions regarding protections and planning.
We are getting used to seeing in the report that healthcare breaches cost the most across industries, so that part is not surprising. We knew things were consistently getting worse in 2020, but a 29.5% increase is still somewhat surprising. That is a jump from the average total cost of $7.13 million in 2020 to $9.23 million for this study.
What we look for most in these reports is what makes a data breach more expensive vs. what makes it less expensive. The top two issues in this report are system complexity and compliance failures.
No surprise that ransomware attacks and others that are destructive cost more than other cases. They are the ones that we would expect to be the worst.
The average cost per record across all industries and countries this year comes out to $161, which is a substantial bump from $146. You can ask any business how many records they have on file that contain PII or PHI. Then, multiply that number by $161 to estimate what a data breach costs.
That number is the global one, but healthcare averages are much higher, as expected when you are the leader.

The most expensive attack vector was business email compromise at $5.01 million, followed by phishing at $4.65 million and malicious insider at $4.61 million. So, the most likely attack vector is not the most expensive. In general, people have terrible password hygiene, which is why compromised credentials is the most frequently used attack vector.

A breach that spans over 200 days costs an average of $4.87 million in 2021 vs. $3.61 million for a breach spanning less than 200 days. So, depending on when you find it, there is a dramatic difference in how much worse it gets. Now, if you have an incident response plan, which is the best way to make it better, and an incident response team identified, the cost of the data breach drops to $3.88 million. If you have both a team and a tested plan, the cost drops to $3.25 million. If you have neither, it shoots up to $5.71 million. So, having a plan and a team is key to having a fighting chance to contain it faster and cheaper.
[33:32] These data breach figures and stats are not just for big companies. Take a look at this next chart.
You can see that the average cost of a data breach for a company with fewer than 500 employees is $2.98 million, up from $2.35 million in 2020. There was a substantial jump in the numbers, likely due in part to everybody starting to work from home last year. Most businesses had no plan and no technology available to do this. So, they started pulling computers out of the closet, dusting them off and connecting them, or allowing staff to use computers they had at home without properly securing them.
And one last point to make about this study re: healthcare:

Enough said.
The IBM Cost of Data Breach Report 2021 was not as surprising to us after the move to everyone working from home because of COVID last year. But keep in mind that the figures in the report take into account soft costs, not just hard costs. That includes downtime, loss of resources, damage to your brand and even how much money you’ve lost during that downtime because people weren’t doing business with you. And once again, the best thing you can do to try to cut those costs is to have a true incident response plan and team and to test your plan regularly.
HIPAA is not about compliance,
it’s about patient care.™


