The numbers, costs and impact of data breaches will increase in 2021


Last week we investigated new laws that require reporting data breaches on critical infrastructure.

But that post raised a number of follow-up questions and comments from readers, such as:

  • Are ransomware attacks considered a data breach?
  • Show me the numbers – where are the documented increases and what did they really cost?
  • How does the US differ from the rest of the world when it comes to data breaches and business related costs?


Let’s start with the last two questions.

According to a 2021 report by IBM and the Ponemon Institute, the average cost of a data breach among companies surveyed was $4.24 million per incident in 2021, the highest in 17 years. Here are some other compelling data points:

  • Effects of working remotely: The rapid move to remote operations during the pandemic appears to have resulted in more costly data breaches. Breaches cost over $1 million more on average when remote work was cited as a factor in the event, compared to those without that factor ($4.96 million versus $3.89 million).
  • Healthcare breach costs have increased: Industries exposed to major operational changes during the pandemic (healthcare, retail, hospitality, and consumer goods manufacturing/distribution) also saw significant year-over-year increases in data breach costs. Healthcare breaches cost by far the most at $9.23 million per incident, an increase of $2 million from the previous year.
  • Compromised credentials resulted in compromised data: Stolen user credentials were the leading cause of security breaches in the study. At the same time, customer personal information (such as name, email, password) was the most common type of information disclosed in a data breach; 44 percent of data breaches involved this type of data. The combination of these factors could create a spiraling effect in which one username/password breach gives an attacker leverage for further data breaches.
  • Modern approaches reduced the costs: The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a security breach, saving companies between $1.25 million and $1.49 million. Among the cloud-based data breaches examined, companies with a hybrid cloud approach had lower data breach costs ($3.61 million).

The Identity Theft Resource Center just issued a press release with some additional alarming numbers detailing the trends in data breaches and other cyberattacks for the third quarter of 2021. Here are some of the top highlights:

  • The number of publicly reported data breaches in the United States decreased 9 percent in the third quarter of 2021 (446 data breaches) compared to the second quarter of 2021 (491 data breaches). However, the number of data breaches as of September 30, 2021 exceeded the total number of events for the full year 2020 by 17 percent (1,291 breaches in 2021 versus 1,108 breaches in 2020).
  • In the third quarter of 2021, the number of victims of data compromises (160 million) was higher than in the first and second quarters of 2021 combined (121 million). The dramatic increase in victims is primarily due to a number of unsecured cloud databases (data exposures) rather than data breaches.
  • The total number of data compromises related to cyberattacks (year to date) increased by 27 percent compared to fiscal 2020. Phishing and ransomware are still by far the primary attack vectors.


Which brings us to the first question above, and the simple answer to whether ransomware is a data breach is: it depends. I like this problem description and response from earlier this year:

“In the past, one difference between a company that was a victim of ransomware and one that was hit by a hacker attack that resulted in stolen data was that a ransomware attack did not actually steal the data, but encrypted it so that the victim had to pay a ransom to regain access. In contrast to traditional data theft, ransomware – according to the theory – did not actually steal data. It encrypted it so that the authorized users couldn’t access it unless a ransom was paid. As a result, most organizations treated ransomware attacks simply as a business continuity or disaster recovery response, even though organizations were expected to pay for what they already own. Today, almost half of ransomware attacks steal data before encrypting systems, meaning that ransomware is no longer just a business continuity or disaster recovery response; it is a comprehensive cybersecurity incident response, as the attack could very well be a data breach if stolen records contain proprietary data.”

So this raises more questions about the data breach numbers from multiple sources. Do these numbers include the records that may have been compromised by the growing number of ransomware attacks?

This YouTube video from “The Breach Report” explains more about the Kaseya ransomware attack and provides some details regarding indicators of compromise, characteristics and attack vectors.


Another related topic that I want to bring into the mix this week: AP News reported last week that the US stands ready to sue contractors who do not report cyber breaches:

The Department of Justice stands ready to sue government contractors and other companies that receive U.S. government grants if they fail to report violations of their computer systems or misrepresent their cybersecurity practices, the Department’s No. 2 official said Wednesday.

Assistant Attorney General Lisa Monaco said the department is ready to take action under a law called the False Claims Act, which allows the government to file complaints about misused federal funds. The Justice Department will also protect whistleblowers who stand up to report these issues, she said.


Along with the groundbreaking nature of the Colonial Pipeline ransomware attack, which exposed the gravity of our online troubles to the world, the rise in data breaches and their associated costs for businesses is becoming unsustainable.

Simply put, in a world where cyber teams are overstretched and losing employees to competitors, something has to give. Security teams, especially in the public sector, have many vacancies and are often in constant firefighting mode.

It remains to be seen which solutions can “stop the increasing flow of water” that is currently overwhelming many cyber defense programs.
