What Is a Data Breach?

A data breach is a cybersecurity incident where sensitive, confidential, or protected information is accessed, viewed, stolen, altered, or used by an unauthorized individual or entity. Data breaches can occur due to various cyber-attacks, such as hacking, insider leaks, payment card fraud, malware attacks, loss or theft of physical devices, unintended disclosure, or other unknown reasons.

The types of stolen data from a breach may include credit card numbers, customer data, trade secrets, medical records, financial information, personally identifiable information (PII), or national security matters. Data breaches can affect businesses of all sizes, industries, and geographies, occurring with alarming frequency. They carry severe consequences for organizations facing costly fines for compliance violations, litigation, and long-term brand damage.

Data breaches can occur offline or online, and hackers can use channels such as the internet, Bluetooth, text messages, or online services to access sensitive data.

Unlike other attacks, a data breach cannot be remediated with a simple patch and software update. It usually triggers efforts to add more cybersecurity infrastructure to the network, but even then, the damage is already done.

Data breaches can result in substantial damages for both individuals and organizations, including:

• Financial loss: The financial impact of a data breach can be immediate and devastating for organizations. The cost of a data breach has risen over the past few years and includes the cost of investigation, remediation, and legal fees. According to the Cost of a Data Breach 2022 Report by IBM, the average cost of a data breach in the U.S. is $9.44 million.
• Reputational damage: The reputational damage resulting from a data breach can be hard-hitting for a business. Customers and vendors may cease all business with organizations that have been breached. Adding to the damages, they may share their experience with others, including on social media.
• Operational downtime: A data breach can cause significant operational downtime, resulting in lost productivity and revenue for organizations. Depending on the remediation process, this downtime can be very costly.
• Legal action: Organizations that experience a data breach may face legal action from affected individuals, regulatory bodies, or other stakeholders.
• Loss of sensitive data: A data breach can result in the loss of sensitive data, including personal information, corporate information, and intellectual property.
• Consequential damages: Consequential damages stemming from a data breach could include lost profits or reputational damages, which may be difficult to estimate at the time of the breach.
• Mitigation damages: Mitigation damages may include the cost of credit monitoring, identity theft protection, and other measures taken to mitigate the effects of the breach.

The severity of a data breach depends on the focused target. While it can be devastating for individuals, data breaches can cost organizations millions and negatively impact revenue long-term. The three main entities affected by data breaches are:

• Businesses: An organization that falls victim to a data breach could lose money in litigation and reparations, but the more considerable damage is in brand reputation. Target, Equifax, and Yahoo are well known for their data breaches. It’s cost them millions in lost consumer trust and brand damage.
• Government: Military, government trade secrets and undercover personnel are at risk if an attacker compromises government infrastructure.
• Individuals: For individuals, the most significant monetary risk is identity theft. Individual data could be sold on darknet markets or used immediately to open credit lines, purchase products, or create fraudulent accounts.

When you think of data breaches, you typically think of a hacker compromising a network and stealing data. However, data breaches can result from several different actions. Human error, for example, is one of the most significant factors in data breaches.

Among the different types of data breaches include:

• Credentials stored in source code: Developers make the common mistake of leaving credentials or access keys in code repositories. Attackers search public repositories on GitHub to find them.
• Exploited authentication or authorization systems: Applications with vulnerabilities or any cybersecurity infrastructure with bugs could allow an attacker to gain unauthorized access.
• Eavesdropping: Unencrypted traffic across a network is vulnerable to interception and eavesdropping.
• Human error: Negligence or a disgruntled employee could purposely or accidentally disclose data by falling for phishing or social engineering.
• Malware or viruses: These programs are designed to infect a victim’s computer and steal sensitive information.
• Distributed Denial-of-Service (DDoS): A DDoS attack involves overwhelming a victim’s network or website with traffic, making it unavailable to legitimate users.
• Ransomware: This is a sophisticated type of malware that encrypts a victim’s files and demands a ransom payment for the decryption key.
• Recording keystrokes: Known as keyloggers, this type of malware can be designed to record a user’s keystrokes, allowing the attacker to capture sensitive information like passwords.
• Phishing: This form of social engineering involves deceiving users into revealing sensitive information, such as login credentials or credit card numbers, which can result in a data breach.
• Hacking: Should an attacker gain access to user devices or compromise the internal infrastructure, they can install malware to steal data.
• Insider threats: Current or terminated employees could purposely send data to a third party or steal it for their financial gain.
• Physical threats: Organizations are vulnerable to data theft when local resources, user devices, work laptops, and other physical assets are stolen.

Cybersecurity incidents have been rising for years, but incidents skyrocketed after COVID-19 introduced at-home workforces. Organizations were forced to use remote workers for every aspect of business productivity, which led to increased data breaches. Users stored data on their personal devices, and organizations opened cloud resources and VPN-accessible internal infrastructure.

Many of the latest data breach statistics were due to the pandemic, but here are a few current statistics that made an impact on cybersecurity and businesses:

• The COVID-19 impact from remote workers increased data breach costs by $137,000 per incident.
• Over 6 million data records worldwide were exposed by data breaches in the first quarter of 2023 alone.
• Based on the most recent Cost of Data Breach Study by IBM, it takes an average of 206 days for an organization to identify a data breach.
• In an IBM survey, 76% of organizations indicated that remote workers increased the time required to identify and contain a threat.
• Healthcare attacks targeting patient information rose by 58%.
• Web application exploits and compromises have doubled since 2019, accounting for 43% of attacks.
• A possible data breach may have affected 8,000 emergency business loan applicants offered by the U.S. government.
• Symantec estimates that 4800 websites are compromised every month from clickjacking.
• Verizon estimates that 71% of data breaches are financially motivated.
• In 2019, 36% of data breaches were from organized cyber-criminals.
• It takes an average of 80 days to contain a threat.
• Healthcare organizations struggled the most with threat containment and took an average of 329 days to contain.
• Microsoft Office maintains 48% of malicious file attachments.
• The average cost of a data breach globally is $3.92 million, according to the latest IBM report.
• The health care industry pays the highest costs after a data breach at $7.13 million per incident.
• Most costs incurred from a data breach happen a year after the incident.
• A customer service employee for a financial institute has access to 11 million records, making them a risk for social engineering and phishing.
• 80% of breaches involve brute-force password attacks or stolen credentials.
• In 2020, distributed denial-of-service (DDoS) attacks increased by more than 278%.

The cost of a data breach rose significantly in the last year, mainly due to an increase in the at-home workforce. In 2015, the average cost of a data breach was $3.8 million. Today, it’s $14.8 million.

Proofpoint researched costs associated with a data breach and found that long-term collateral costs may persist after initial expenses. The loss in productivity from incident response staff and other employees due to downtime translated to an estimated 63,343 hours wasted dealing with a data breach.

Based on IBM’s Cost of a Data Breach Report, the average data breach cost reached $4.35 million worldwide in 2022. At the beginning of the year, experts estimated this average could reach $5 million by the end of 2023; currently, as of July 31, 2023, it is up $4.45 million so it is likely the initial estimate will be surpassed.

The United States experienced over twice the global average, with the average data breach cost reaching $9.44 million. Healthcare was the leading industry with the highest figures, averaging $10.10 million in data breach damages.

Email is a common vector in attacks, and a compromise costs large businesses $6 million annually. Some attacks use email and social engineering to trick employees into paying an estimated $1.17 million in fraudulent invoices and money transfers.

Ransomware continues to evolve and can cripple an organization. Many of these attacks start from email messages. Some organizations pay the ransom, but only $790,000 of the annual $5.66 million spent is from paying the ransom.

The average cost for organizations to resolve a data breach is $807,506, a dramatic increase from 2015’s $338,098. Credential theft via phishing accounts for many of these costs. Overall, malware and data exfiltration cost an estimated $137 million.

Cyber insurance helps offset costs by covering monetary damages after an incident such as a virus or denial-of-service (DoS). Even with the best cybersecurity infrastructure, organizations will never be 100% risk-free. Cybersecurity insurance helps pay for the costs after an incident, especially when the organization is liable for lost data. For example, healthcare organizations can incur hefty fines for losing personally identifiable information (PII).

Insurance contracts differ between insurers, so organizations must read the terms before signing. For example, an insurer might require that the organization is compliant and has specific cybersecurity infrastructure installed to stay insured.

By utilizing Proofpoint’s solutions, organizations can strengthen their security posture and protect against data breaches. Whether it’s to stay current with the latest compliance requirements or to host employee security awareness training, Proofpoint ensures that your data is protected from malware, attackers, corporate espionage, ransomware, phishing, and the many risks associated with digital assets.