Looking Back: The Costs of Security Breaches In 2021

Introduction

There is no doubt that 2021 has probably been the most challenging year in terms of the Cyber threat landscape.  The biggest catalyst for this has, of course, been the sheer number of Ransomware attacks that have occurred across all industries.

Unfortunately, this is only expected to get worse in the remaining months of 2022 and beyond.  Simply reporting on these attacks is not enough to get people and businesses to become more proactive.

One has to see the dollar amount that is associated with them in order to truly drive the point home.  This is the focal point of this article.

The Financial Impacts

Here are some examples of financial losses experienced by companies, due to security breaches:

  1. Marriott Hotels:

This loss was estimated to be about $50 million.  In this attack, the PII datasets of well over 5 million guests were heisted, with hardly anybody noticing it.  The culprit was two separate usernames and passwords that were secretly stolen from two Marriott employees.

  2. Microsoft:

The total loss here was pegged at close to $2 billion.  In this instance, email addresses, IP addresses, and even chat content amongst end users were stolen.  A misconfigured database was blamed for this mishap.

  3. Facebook:

It seems like no matter what, Facebook is always making the Cyber news headlines in some way or another.  Probably one of its worst security breaches occurred earlier this year, in which the PII datasets of the end users were hijacked.  In fact, it was later revealed that more than .5 billion of them were severely impacted by this attack.  Worst of all, Facebook failed to notify these individuals of the security breach and how it has impacted their own accounts.

Below are some other trends of financial losses, as it relates to security breaches:

  • The cost of an average data breach in the United States was pegged at slightly over $4 million.
  • At the end of this year, it is expected that the financial losses caused by Ransomware will reach an astonishing $6 trillion on a global basis.
  • The Year Over Year cost of a security breach jumped by well over 10% in 2021 versus 2020.  Further, it is expected that this number will increase by yet another staggering amount, though estimates have not been released yet.
  • Those companies that adopted a near 99% Remote Workforce paid out an average of slightly over $1 million because of data leakages.
  • The healthcare industry has been the hardest hit by Ransomware attacks in 2021.  For example, the average cost of a security breach jumped by almost 30% in 2021 when compared to 2020.  The financial losses incurred by this sector have been calculated to be over $9 million.
  • After a business has been hit with a security breach, there are both direct costs and indirect costs.  The latter contributed up to almost 40% of the total cost, in terms of financial losses.
  • The average loss for every PII dataset record stolen was estimated to be close to $200.  Of course, the more customers and employees a business has, the more quickly this cost can be driven up beyond imagination.  For example, those organizations that possessed at least fifty million PII datasets experienced a total financial loss of well over $400 million.
  • Here is a breakdown of the financial costs incurred by each specific type of Cyber variant:

      • Social Engineering attacks:  $4.4 million.
      • Phishing/Business Email Compromise (BEC):  Well over $10 million.
      • Insider Attacks:  Over $4.5 million.

  • Unfortunately, it still takes a very long time for a company to detect that it has actually been impacted by a security breach.  For example, it took an astonishing 287 days.  The financial toll of this huge time gap was also significant, at almost $5 million.  Interestingly enough, those companies that were able to detect a security breach in under 200 days experienced a financial loss of just under $4 million.
  • Those businesses that took a more proactive security approach, such as adopting the Zero Trust Framework, experienced financial losses of less than almost $2 million versus those companies that did not adopt this methodology.
  • If you are going to adopt a Cloud-based platform, try to adopt a Hybrid one (which is a combination of a Public and Private Cloud platform).  You will actually experience a much smaller financial toll if you are hit with a security breach.
  • Finally, the financial cost of a Ransomware attack in 2021 was pegged at $4.6 million per business that was impacted.

Conclusions

So, what will the rest of 2022 be like in terms of financial losses?  There have been no concrete predictions yet, but you can take the numbers detailed in this article and make them the minimum for 2022.  In other words, as mentioned before, it is only going to get worse.

It is predicted that Ransomware will be the dominant threat variant, and the most impacted industries will be the healthcare, financial and even educational sectors.  Critical infrastructure is also doomed, as we have seen with the attacks that have occurred in 2021.

Keep in mind that nobody is immune to becoming a victim.  No matter how many safeguards you take, you always run that risk.  The key is in mitigating that level of risk by detecting breaches quickly and, if you are hit, having the ability to recover within hours, not days or weeks.