The Cybersecurity Stats You Should Know in 2020

PROLINK Blog

November 3, 2020

The outbreak of coronavirus has fuelled privacy breaches across the globe. The collision of a global health crisis with a distracted workforce, overwhelmed IT teams, and worldwide economic distress has created optimal conditions for cybercrime. Hackers, fraudsters, and other threat actors thrive on chaos and COVID-19 is no exception.

Since the early days of the pandemic, we’ve seen a variety of tactics designed to take advantage of the crisis, trick unsuspecting users, and steal valuable data. Phishing scams disguised as public health updates. Malicious domains purporting to sell protective health equipment. Fake apps that infiltrate devices and spread malware.

The need for a robust cybersecurity strategy has never been greater. To help you out, PROLINK will be publishing a series of dedicated cyber education resources over the next few weeks. We’ll be going over some of the biggest cyber risks faced by businesses during the COVID-19 crisis—remote work, phishing, ransomware, and more—and what you can do to minimize your exposures. Stay tuned for more!

To get started, we’ll be kicking off our series with some of the most alarming cyber-stats of 2020. Now in its 15th year, IBM Security has recently released the latest edition of their annual Cost of a Data Breach Report. Conducted by the Ponemon Institute, this report analyzes data from breaches that occurred between August 2019 and April 2020 and has been the premier resource on the financial impact of security incidents.

Please note: unless otherwise specified, all statistics below are sourced from the 2020 Cost of a Data Breach Report. Additionally, this report is US-based; all monetary figures shared below are measured in USD.

How much does a data breach cost?

The average global total cost of a data breach in 2020 is $3.86 million. While that’s a 1.5% decrease from last year at $3.92 million, the average total cost of a data breach has gone up by 10% since 2014. And keep in mind—this figure doesn’t account for any cyberattacks post April 2020.

Highly regulated industries like energy, financial services, and pharmaceuticals had the greatest costs, with healthcare taking the top spot for the tenth year in a row at $7.13 million per breach, a 10.5% increase since 2019.

Even more alarming? Canada is the third most targeted region after the United States and the Middle East, with a 6.7% growth in cyberattacks between 2019 and 2020 and an average total cost of $4.50 million per breach.

What’s being stolen?

By far and away, customer PII (personally identifiable information like a name, credit card number, or health information) is both the most frequently compromised type of data and the most costly. 80% of breaches involved customer PII, at an average figure of $150 per record.

Other types of compromised data include: intellectual property, anonymized customer data, employee PII, and miscellaneous corporate data.

How long does a breach last?

The average lifecycle of a breach—the time elapsed between first detection and containment—is 280 days. For healthcare organizations, that figure jumps to 329 days.

Why is the lifecycle of a breach important? The longer a breach lasts, the more it’ll cost your business. Research over the last six years has shown that breaches with a lifecycle of over 200 days cost $4.33 million, an average of $1.2 million more than breaches lasting less than 200 days at $3.21 million.

And breach costs can linger for years after an incident, especially in highly regulated industries where the majority of the costs, like fines, penalties, and disciplinary and/or regulatory fees, are experienced after the first year.

[Chart: Average Life Cycle of a Breach (Days), All Industries and Healthcare]

But why are breaches so costly?

Because in the event of a breach, it’s not just lost data you have to worry about. There’s a whole host of direct, indirect, and hidden expenses incurred by organizations. Major costs include:

Detection and Escalation

Activities and/or services required to identify the breach, including forensic investigation, assessment and auditing, crisis management, and more. On average, Detection and Escalation costs about $1.11 million—nearly 30% of the total cost of a breach!

Notification

Activities related to informing breach victims, regulatory bodies, and other affected parties through email, letters, phone calls, or a general notice, as well as communications with regulators to determine when, how, and which requirements will apply. Notification costs comprise $0.24 million or about 6.2% of total breach expenses.

Post Data Breach Response

Redress and support services to breach victims and regulators, such as: help desk and inbound communication, credit monitoring, identity protection services, issuing new credit cards, legal expenses, regulatory fines for noncompliance with privacy laws, and more. These activities make up $0.99 million or 25.6% of breach costs.

Lost Business

Lost opportunities or revenue from customer turnover, diminished goodwill or reputation, business disruption, system downtime. At an average of $1.52 million, lost business makes up almost 40% of breach expenses and has been the highest cost component for the last six years.

What’s causing data breaches?

The three main root causes of a data breach are:

  • Human Error: 23% of breaches were unintentionally caused by negligent employees or contractors, costing an average of $3.33 million, primarily in the entertainment, public sector, and consumer industries.
  • System Glitches: 25% of breaches stem from IT and business process failures, which cost an average of $3.38 million. Research, transportation, and public sector industries were most prone to system glitches.
  • Malicious Attacks: Hackers and/or criminal insiders are responsible for an overwhelming 52% of data breaches through malware, like ransomware, phishing, and other cyberattacks. Technology, transportation, retail, and financial services industries had the highest percentage of malicious attacks.

Just exactly how bad is a malicious attack?

For the last five years, malicious attacks have been the leading cause of data breaches. And the average cost? A whopping $4.27 million. That’s nearly one million more than attacks from system glitches or human error. Why? In the event of a malicious attack, the average lifecycle of a breach surges to 315 days, with the average cost of customer PII shooting up to $175 per record.

Where do malicious attacks come from?

At 53%, the majority of malicious attacks come from financially motivated hackers. Their gateways? Stolen or compromised credentials and cloud misconfiguration.

Other key threat factors include: vulnerabilities in third-party software, phishing, breakdowns in physical security, malicious insiders, social engineering, and more.

The big question: how has COVID-19 impacted breach activity?

Cybercrime has been on the rise for years in an increasingly digitized world. Risk Based Security’s 2020 Q1 Data Breach QuickView Report shows that the number of records exposed in the first quarter of 2020 (January 1 to March 31) skyrocketed to 8.4 billion—the most exposed in any Q1 period since 2005. Even after adjusting for one mega breach, that’s still a 48% boost compared to the same period in 2019. Approximately 70% of reported breaches during this period were due to unauthorized access to systems or services.

However, the COVID-19 pandemic and resulting switch to remote work have ramped up cyber threats to a level previously unseen. According to the Ponemon Institute, 54% of organizations required remote work in response to the pandemic. Consequently, companies have had to react quickly to new risks posed by work-from-home arrangements to IT infrastructure, network resources, and confidential data.

Amidst rising demand for virtual solutions, hackers have been quick to exploit the daily cycle of misinformation, misconception, and misunderstandings to prey on the vulnerable. Hospitals, public health agencies, and businesses have already been hit. Twitter, Shopify, and even the CRA—the list of compromised organizations continues to grow.

The full extent of the damage remains unknown. While remote work is expected to increase data breach costs and lengthen identification, containment, and incident response times, we will have a clearer picture of how these changes have affected breach activity over the coming months. For now, we know that having a remote workforce has been found to raise the average total cost of a data breach by nearly $137,000, for an adjusted average total cost of $4 million.

From here on out, two things are certain:

  1. Hackers show no sign of slowing down during the crisis. Cyberattacks will continue to rise in frequency, intensity, and severity as we spend more time at home.
  2. All organizations must prepare themselves for a continued influx of attacks. It is critical for businesses to address their cyber exposures, bolster digital hygiene, and safeguard confidential data.

Cyber loss prevention begins with education. For a detailed list of cybersecurity measures, click here or keep an eye out for the rest of our cyber series!

For maximum protection, consider Data Security and Privacy Breach Insurance coverage. While your general liability insurance won’t cover a breach, a dedicated cyber policy can help offset some of the potential financial loss from legal fees, damages, and associated expenses.

The threats posed by the coronavirus are unique and ever-evolving. But with nearly 40 years in the industry, PROLINK has the experience and the expertise to guide you through even the most trying of times.

To learn more about your risks—and what you can do to protect yourself—connect with PROLINK today.


PROLINK’s blog posts are general in nature. They do not take into account your personal objectives or financial situation and are not a substitute for professional advice. The specific terms of your policy will always apply. We bear no responsibility for the accuracy, legality, or timeliness of any external content.
