In our last post we talked about how rising numbers of breaches and increased cost per breach are prompting insurance companies to change requirements to qualify for cyberinsurance coverage.

So, what are costs of Data Breaches Today?

Last year, IBM commissioned the Ponemon Institute to conduct independent research, investigating 537 real breaches, in 17 countries and 17 different industries. According to the analysis of information from the +3,500 interviews conducted:

“The average total cost of a data breach increased by nearly 10%, from an average $3.86 million to $4.24 million per incident.” This was the single average cost increase since 2013, when there was a spike in ransomware demand amounts.

Statista.com, which tends to be a little more conservative in comparison with the Verizon Data Breach Investigations Report (DBIR), and other industry-standard data breach reports, puts the figure at just under $4 million USD for most industries. The exception: Healthcare, where the average cost in 2020 was $7.13 – $7.4 USD Million (depending on whose research you use) and is already somewhere between $9.0 and $9.23 Million USD for 2021. This is nearly a 30% increase over 2020!

Why? Not only is it the size of healthcare organisations, and that because having the network go down can have life and death consequences, it’s the value of the data. For these reasons, healthcare gets targeted more aggressively. The value the data has also made educational institutions more attractive to professional bad actors. In this video, a cybercriminal explains why going after schools, higher institutions of learning and other public sector organisations is so lucrative.

As we have reported previously, remote working has made companies more vulnerable to attack – and the new figures clearly show that, on average, the cost approximately $1 million higher when remote working was a factor. “Additionally, organizations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches than those with 50% or less working remotely.” (IBM, Cost of Data Breach Report 2021)

All in all, breaches numbers and costs have been doubling every 3 years or so, and are expected to continue at increase at this rate though 2025.

5 Ways to Reduce Your Risk

Ensure cloud, edge/perimeter, network and endpoints are ALL fully-protected.


In 2020, over 35% of all data either resided on, or passed through the cloud – yet many firms don’t take the necessary steps to protect their cloud and edge / full perimeter – in addition to your network and endpoints.

This is why SASE (Secure Access Secure Edge ) should be part of your security strategy discussion.

Recently introduced by Gartner, the term SASE refers to a framework in which networking and security functions converge into a single integrated service that works at the cloud edge to deliver protection and performance as a single solution and approach.

One of the many partners with which we work is Cisco. You can read more about SASE in Cisco’s mini e-book: “Investing in a long-term security strategy – The 3 keys to achieving SASE”.

You might also find our “Cloud Covered? If Not, Take Cover!” blog post of interest.



1. Get an independent security assessment and implement the recommended changes.
   

   Building on the above bullet point, Gartner says it all: “It isn’t so much about whether the cloud is secure…It’s mostly about how securely you are using it.”

   According to the Gartner Innovation Insight for Cloud Security Posture Management report, “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.”

   Indeed, when conducting security audits and assessments, we often find even the best IT departments can have small errors or set-up glitches, or ongoing patching problems, that create gaps that leave their networks vulnerable.

   A July 2019 study conducted by the Ponemon Institute in shows that 57% of breach victims indicated they had been aware of a network security issue, but that it had not been addressed prior to the attack. More recent studies suggest the percentage may be even higher now that people are working remotely.

   The same Ponemon Institute study suggests that over half of IT leaders don’t know how well their security is operating. For this reason, it is advisable to hire an outside expert to conduct a security assessment at least once a year. This will give you a list of where you are vulnerable, Firms are also advised to consult their network and other business insurance requirements – for some types of businesses, the insurance is not valid if a network security audit is not completed every 3 – 6 months.

2. Review your security protocols and access policies at least once a quarter.
   

   We find that many companies, although they are great at pulling up the drawbridge when an employee leaves, don’t change security and access privileges when employee responsibilities and roles change – or they accord the same privileges to the “new person” as a matter of course. Some firms also allow employees to use the company email while looking for a new job. All of these security lapses leave you vulnerable to bad actors.

   The “Verizon 2021 Data Breach Investigations Report” corroborates this and shows that nearly 80% of breaches were the result of privilege abuse.

3. Invest in best-in-class firewalls and other software – AND engage a professional, third-party Managed Services firm to handle your security needs.
   

   Today, it’s not enough to have the best solutions in place, you also need to have experts dedicated to ensuring things run as they should – and that all alarms are answered and problem remediated as they arise.

   Not only will this save you money, it will enable you to have experts in each of the many facets of security today watching over you and your network 24/7/365. By augmenting your IT department this way, you’ll also be able to focus your energies on the important tasks needed for your organisation to operate optimally, and your business to thrive.

4. Contact Us, Cloud Managed Networks to discuss your business goals, network needs and security strategies.
   

   We are a manufacturer agnostic firm dedicated to helping our clients lay the IT infrastructure needed to have a highly-efficient, optimally-working, secure network today – while laying the foundation to achieve their long term desired business goals. Our focus is on helping you achieve your objectives in the most effective manner, while being respectful of your budgets. We have experts on staff, or within our extensive partner network, to ensure the best solution and approach are taken. We’re also happy to offer you advice, without cost or commitment, if you simply need expert input.

To learn what will work best for you, please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free).