January 28th – Data Privacy Day – has become an annual focal point for individuals and businesses concerned about risk prevention and mitigation. Billed as “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust,” it delivers some important messages, especially given the ongoing growth in the volume and severity of data privacy breaches around the globe.
In the U.S. alone, for example, 2021 set a new “record for the number of compromises”, according to a new report from the Identity Theft Resource Center (ITRC). The overall number (1,862) was up more than 68 percent compared to 2020, and 23 percent higher than the previous all-time high (1,506) set in 2017.
For businesses who find they have been compromised, the consequences of a privacy breach can range from the financial impact of downtime, recovery and regulatory fines to severe and lasting reputational damage, among many other issues.
The risks are well understood. At the extreme end of the financial spectrum, the breach at email provider Epilson has been top of the list of most costly incidents since 2011, coming in at an estimated $4 billion. But for the sheer volume of accounts breached, Yahoo holds the record for its 2013 incident where 3 billion were compromised.
But what’s the current picture around the cost of data breaches? For the past 17 years, IBM has been tracking the impact of incidents, and in its most recent report it estimates that average data breach costs rose from $3.86 million to $4.24 million in 2021, the highest average total cost in the history of the study.
Among its other key findings was the impact of remote work, where the average cost was $1.07 million higher in breaches where it was a factor in causing the breach, compared to those where remote work was not a factor. Among the most expensive risks, the cost of a breach caused by a business email compromise averaged $5.01 million.
It’s interesting to note, however, that the average cost of a breach was $1.76 million less at organizations with a mature zero-trust approach, compared to organizations without zero trust. Without doubt, this is becoming key to the success of modern security strategies and it’s a subject we’ll be returning to regularly throughout 2022.
Data Privacy Day is an ideal time to re-focus on this critical cybersecurity challenge. For further information about how Glasswall delivers proactive protection against data privacy risks, click here.