Page 144 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
But this hasn’t discouraged cybercriminals. Instead, dark web sites have begun resorting to traditional
marketing tactics like two-for-one discounts on stolen data, creating a bulk sales mentality that places an
even greater imperative on cybercrime cartels to amass large quantities of data.
This makes it even more likely that your data will be stolen, because even if your organisation isn’t
specifically targeted, you could be caught up in an increasingly common smash-and-grab raid – like the
attack on Microsoft that exposed around a quarter of a million email systems last year.
And while the value of each piece of data on the dark web is decreasing for cybercriminals, cyber attacks
are just getting costlier for the businesses the data is stolen from.
How much is your data worth to your business?
Not sure how much your data is worth? The exact answer is impossible to quantify definitively, as it will
change from one business and one piece of data to another, but it’s clear that having your data stolen
can have devastating consequences.
According to the Cost of a Data Breach Report 2021 from IBM and Ponemon, which studied the impacts
of 537 real breaches across 17 countries and regions, the cost to a business of a data breach
sits at US$161 per record on average – a 10.3 per cent increase from 2020 to 2021.
For a personally identifiable piece of customer data, the cost goes up to US$180 per record. Not only is
this the costliest type of record, it’s also the most commonly compromised, appearing in 44 per cent of
all breaches in the study.
For a personally identifiable piece of employee data, the cost sits at US$176 per record. Intellectual
property costs US$169 per record, while anonymised customer data will set you back US$157 per record.
But it’s extremely unlikely that a cybercriminal would go to the effort of hacking your business for one
piece of data. In that sense, it’s more instructive to look at the average cost of a data breach in total –
which currently sits at a staggering US$4.24M.
For ransomware breaches, in which cybercriminals encrypt files on a device and demand a ransom in
exchange for their decryption, the average cost goes up to US$4.62M, while data breaches caused by
business email compromise have an average cost of US$5.01M.
Breaches are costliest in the heavily regulated healthcare industry (US$9.23M) – a logical outcome, given
the heightened sensitivity of medical records. By comparison, the ‘cheapest’ breaches are in less
regulated industries such as hospitality (US$3.03M).
Mega breaches involving at least 50 million records were excluded from the study to avoid blowing up
the average, but a separate section of the report noted that these types of attacks cost 100 times more
than the average breach.
The report found the average breach takes 287 days to identify and contain, with the cost increasing the
longer the breach remains unidentified. So when it comes to cybercrime, time really is money.