It can be hard to navigate which solutions really protect you from the effects of a data breach. Take a look at defending against data breaches by the numbers. That way, you can focus on the modern data security approaches that make next year’s results more promising.

According to the annual Cost of a Data Breach Report, back in 2017 the average cost of a data breach hit $4 million. That figure dipped below $4 million for the next three years, but it jumped back up in 2021. The average cost of a data breach this year was a record $4.24 million. The good news is that this does not have to be the ‘new normal’. Add proven data security intelligence, tools and practices to drive this trend downward.

Attackers Target Your Customers

Customer personally identifiable information (PII) is the most common and most expensive record type regarding data breach impact. It’s a double whammy. Customer PII makes up 44% of all lost or stolen records containing sensitive information. In addition, each customer PII record costs a company an average of $180. Compare that to the overall cost per record of $161. Criminals know what they are looking for and have been successful in getting it, punishing those organizations that fail to protect customer PII.

The Stakes of a Data Breach Are Rising

Compliance violations earned the spot as the top cost-amplifying factor for data breaches in 2021. These often result in penalties that add up. For example, according to the GDPR Enforcement Tracker, from August 2020 to August 2021, total fines have more than doubled in quantity from 354 to 756 (and counting). The total of GDPR fines in August 2021 was more than €1.05 billion, compared to €133 million in August 2020. The costs don’t stop there: the legal and repair costs can further add to the penalties.

This raises the question of why some highly regulated businesses and agencies still lag in auditing and hardening their systems before breaches occur. Leading chief information security officers (CISOs) know it’s important to have a robust, repeatable and adaptable data protection program. On top of that, the program should include discovery and classification, activity monitoring and user behavior analytics. Vulnerability assessment is a vaccine to ward off the long-term effects of breaches that result in compliance violations and fines.

Most regulations now focus on data privacy and protecting your customers, partners and employees from fraud and theft. Compliance done right promises to yield tremendous benefits that instill confidence in your constituents, build loyalty and boost revenue.

Download the Report

Zero Trust, Big Savings

Zero trust has evolved from a concept to a blueprint to a coordinated set of security tools in a short time. People with a zero trust strategy in place have already seen the benefits. According to the 2021 study, of those companies that had fully or partially deployed zero trust, 48% reported being in the mature stage of zero trust. Another 38% reported being in the middle stage. Groups with mature zero trust saved 42.3% compared to groups without zero trust.

So what might mature deployment do to protect data that immature groups don’t? The study found that a high standard of encryption yielded a savings of 29.4%, or $1.25 million, per breach. (In this case, we define a high standard as using at least 256 AES encryption for data at rest and in motion.) According to the IBM Institute for Business Value (IBV) report Getting Started with Zero Trust Security, data loss prevention and data exfiltration controls are key factors possessed by ‘pacesetter’ groups that are reaping the benefits of zero trust without increasing their budget and resource spending.

Back of the napkin math reveals that a typical enterprise company can attain a high cryptographic standard with a proven enterprise file and database encryption solution at an expense below the cost of just a single data breach. Another way to cut down on the cost of a data breach is the use of security analytics. Modern data protection solutions, such as IBM Security Guardium Insights, provide centralized insight and advanced analytics to help zero in on data risks faster and share insights across teams, helping to reduce the likelihood of a data breach by 40%.

Hybrid Cloud: More Protection Against a Data Breach

Hybrid multicloud models are not as simple as ‘my or your or their’ cloud, but are an amalgam that creates our cloud. For example, a financial services firm might have a private cloud that meets the most strict regulatory requirements their industry requires. But they also have contracts with a third-party fintech cloud service to enable new banking products and services.

Beyond the flexibility, speed and collaboration advantages, there’s a security and cost benefit of the heterogeneous approach. The average cost of a data breach for a hybrid cloud environment was 28.3% less than that for a public cloud. Why? Well, a single point of failure is less likely in a hybrid or heterogeneous environment. That makes it harder for attackers to get a single set of keys to the kingdom. The top attack vectors do less damage when they are spread out over a hybrid infrastructure. Those vectors are almost impossible to remove, so ongoing risk reduction and vulnerability assessment are critical.

The cost and flexibility of a hybrid cloud environment are indeed attractive. However, you shouldn’t let this result in a disparate set of policies and tools to secure each type of environment. That inefficiency will add costs over time and diminish your overall defensive posture. According to Getting Started with Zero Trust Security, 70% of organizations are unable to secure data that moves across multiple cloud and on-premises environments. That puts the intended benefit from hybrid cloud platform strategies at risk.

Today’s Solutions

Solutions like cloud key management and cloud hardware security modules (HSMs) with encryption allow you to choose and change cloud service providers, without losing centralized control, regulatory compliance policy enforcement and custodianship.

The pandemic didn’t appear to slow down attackers in 2020. They stole more data and made it more expensive for companies to recover from the damage. The good news is that zero trust is starting to pay dividends. You can keep compliance problems in check with the right data visibility and remediation. What’s more, a hybrid cloud environment might prove a more dynamic security platform than the status quo.

More from Zero Trust

SOAR, SIEM, SASE and Zero Trust: How They All Fit Together

Cybersecurity in today’s climate is not a linear process. Organizations can’t simply implement a single tool or strategy to be protected from all threats and challenges. Instead, they must implement the right strategies and technologies for the organization’s specific needs and level of accepted risks. However, once the dive into today’s best practices and strategies begins, it’s easy to quickly become overwhelmed with SOAR, SIEM, SASE and Zero Trust —  especially since they almost all start with the letter S.…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Why Zero Trust Works When Everything Else Doesn’t

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a "default deny" security posture. All people and devices must prove explicit permission to use each network resource each time they use that resource. Using microsegmentation and least privileged access principles, zero trust not only prevents breaches but also stymies lateral movement should a breach…

What to Know About the Pentagon’s New Push for Zero Trust

The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations. But first, let’s review this zero trust business. What is Zero Trust? Zero trust is the most important cybersecurity idea in a generation. But “zero trust” is itself a bit of a misnomer. It’s not about whether a person or…