Geopolitical conflict, inflation, job market pressure, rising debt — we’ve been hearing about economic headwinds for a while now. Could data breaches have anything to do with this?
According to a recent IBM report, the average cost of a data breach has reached an all-time high. Like any other business liability, these costs must be absorbed somehow. Given the rising risk and costs, cyberattacks have undoubtedly evolved into market stressors. The magnitude of the problem might surprise you.
Despite the undeniable challenges, there are effective methods to minimize the impact of a data breach. Let’s find out how.
We can look at the numbers to measure the impact of data breaches on economic instability. According to the IBM Cost of a Data Breach 2022 Report, the data breach average cost increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022. This is also a 12.7% increase in cost from $3.86 million in the 2020 report.
Meanwhile, the UNCDF states that “the economic cost of information and technology asset security breaches in 2020 was a staggering USD 4-6 trillion, equivalent to about 4-6% of global GDP.” This translates into a $4.5 trillion impact in 2020. If the percentages stay roughly the same, the total cost will be approximately $5.2 trillion in 2022.
War Makes Markets Unstable
When the war in Ukraine began, it sent shockwaves throughout global markets. The ripple effect continues to this day. The cyber war front has also heated up, resulting in a hybrid war effect.
The CyberPeace Institute states that:
“Cyberattacks on infrastructure such as energy, water, healthcare, financial institutions, transport and communication services can have devastating consequences on the civilian population…. Beyond the risks to critical infrastructure and civilian objects, cyberattacks sow distrust, limit access to accurate information or spread false information. They can also be highly disruptive and create a sense of fear and uncertainty and even lead to the eventual displacement of people.”
Direct consequences of incidents include a sense of fear and uncertainty. This leads to disruption at all levels of society, including the business and financial markets.
Absorbing the Cost of a Breach
The cost of breaches has clearly impacted the macroeconomy. Meanwhile, every organization sits down at least once a year to calculate its budget. Today, strong security has become mission-critical. Business leaders face tough choices as the cost of data breaches continues to rise. If the cost of business increases due to security concerns, then goods and service prices will also rise.
When costs go up, companies may also respond by reducing their employee headcount. It’s difficult to measure how much security issues affect employment figures. But if trillions of dollars are being lost due to attacks, people might also lose their jobs due to breaches.
Explore the Report
Let’s say you own or run a company. How do you assess the risk? What steps do you take, given the large potential downside involved? Can you afford to spend $4.35 million on a data breach? What if you have more than one incident? In the IBM study, 83% of organizations reported having had more than one data breach.
This uneasiness forces decision makers to choose. Do you invest in stronger security? Do you increase prices just in case? Either way, the economic impact is real. In fact, the IBM report revealed that 60% of organizations’ breaches led to increases in prices passed on to customers.
Do the Right Thing
Despite the danger and unpredictability, companies should treat the risk of a breach like any other business risk. Risk comes with a cost and with ways to mitigate any potential damage. Directors and officers are obliged to creditors, shareholders and customers to preserve and protect business and IT assets.
Every organization, from corporations to police stations to schools to health care, is at risk. The new reality is that cybersecurity should be part of your core organizational strategy. It cannot be a second-tier priority any longer. Relying on audits, weak security add-ons and a memo now and then won’t protect your organization.
Increasingly, governments are calling for more responsible security in the public and private sectors. Security controls include management, operational and technical measures to protect the confidentiality, availability and integrity of information and technology assets.
The most effective attacks continue to trick people into giving up some kind of access. From there, actors sneak into systems to find or install backdoors. Attack kits and ransomware are even being sold for as-a-service.
Still, some methods can turn the tide in your favor. For instance, the IBM report revealed that breaches at organizations with fully deployed security AI and automation cost $3.05 million less than breaches at organizations with no security AI and automation deployed. This 65.2% difference in average breach cost represented the largest cost savings in the study.
Companies with fully deployed security AI and automation also experienced, on average, a 74-day shorter time to identify and contain the breach compared to those without security AI and automation.
Other factors mentioned in the report that positively impact incident response include:
- Incident response (IR) team and regularly tested IR plan: Businesses with an IR team that tested their IR plan saw an average of $2.66 million lower breach costs.
- Extended detection and response (XDR) technologies: Those organizations with XDR deployed shortened the breach lifecycle by 29 days on average.
- Risk quantification: By looking at impacts, including financial impacts, availability of data and data integrity, companies can save $2.1 million on average.
Room for Optimism
The threat landscape continues to increase in complexity, and the stakes are high. Security has a significant impact on the global economy. But there is hope. Effective security methods are available; it’s up to organizations to take the proper steps to minimize the damage and the costs.
Freelance Technology Writer
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML...