What is the real cost of a data breach?

Nerds On Site
Article Written By Matthew Kirkland


How do we secure our sensitive data when the average data breach cost rises?

There have been cyber risks ever since there was cyberspace.

Data breaches have been around for as long as data has been moving across networks, and their annual cost keeps rising. At first, they were more about showing off your hacker chops and annoying the programmers at NASA, who would log in and find their credentials compromised.

No longer a game

Back then, it was a game. Now it’s business: big, organized business involving big money. The cost of data breaches has snowballed in recent years. Experts believe the global cost of cybercrime will rise to $10 billion by 2024.

To put the growth of these cyber threats into context, the average total cost of a data breach in 2021 was $4.24 million, up from $3.62 million in 2017. The nearly 12% increase from 2020 to 2021 is the most significant jump since 2015.

(Stats from Ponemon 2021 Cost of a Data Breach Report.)

Who is at risk for a data breach?

Anyone and everyone: individuals, SMEs, large enterprises and governments are all at cyber risk. More importantly, anyone who is not protected can put others at risk. And the average breach cost can be devastating.

What are the common causes?

Weaknesses in technology or user behavior most often cause data breaches.

How much does a data breach cost in 2025?

Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. This represents the most significant transfer of economic wealth in history. The financial impact will be felt across the globe.

What are the ten most expensive data breaches ever recorded?

As listed by the trusted TotalIT.com, the top ten most expensive data breaches are:

  1.  2006 – Uber – $148 million
  2.  2011 – Sony PlayStation Network – $171 million
  3.  2018 – Marriott – $200 million
  4.  2007 – TJ Maxx – $256 million
  5.  2013 – Target – $300 million
  6.  2013–2014 – Yahoo – $470 million
  7.  2006 – Veterans Affairs – up to $500 million
  8.  2015 – US Office of Personnel Management – $500 million
  9.  2017 – Equifax – $700 million
  10.  2011 – Epsilon – $4 billion

How does a data breach happen?

The Malicious Outsider

A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files or bypassing network security remotely. Since malicious data breaches result from cyberattacks, you should know what to watch for.

Here are some popular methods used by hackers:

  • Phishing
  • Brute Force Attacks
  • Malware

Phishing.

These social engineering attacks are designed to fool you into causing a data breach yourself. Phishing attackers pose as people or organizations you trust so that you are easily deceived, then try to coax you into handing over access to sensitive data or providing the data itself.

Brute force attacks.

In a more brash approach, hackers might enlist software tools to guess your passwords.

Brute force attacks work through all the possibilities for your password until they guess correctly. These attacks take some time, but they have become rapid as computer speeds improve. Hackers even hijack other devices like yours via malware infections to speed up the process. If your password is weak, it might take only a few seconds to crack.
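The defender's side of the brute-force pattern described above is spotting it in authentication logs before a weak password falls. The following is an added example, not code from the article or from Nerds On Site: it parses a constructed log format (`timestamp FAIL|OK user=... src=...`, an assumption for the example) and applies a sliding-window count twice, once per source address to catch a single tool hammering many accounts, and once per account over a longer window to catch the slow, distributed guessing the text mentions when attackers spread the work across hijacked devices. The thresholds and the sample log lines are constructed.

```python
"""Sliding-window detection of password brute-force attempts in auth logs.

Added example (not from the original article). Log format, thresholds and
the sample lines are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape: "2024-03-01T09:00:01 FAIL user=alice src=203.0.113.7"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"(?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one IP bursting through six accounts, a normal user who
# mistypes once, and one account ("grace") probed slowly from three addresses.
SAMPLE_LOG = """\
2024-03-01T09:00:01 FAIL user=alice src=203.0.113.7
2024-03-01T09:00:02 FAIL user=alice src=203.0.113.7
2024-03-01T09:00:03 FAIL user=bob src=203.0.113.7
2024-03-01T09:00:04 FAIL user=carol src=203.0.113.7
2024-03-01T09:00:05 FAIL user=dave src=203.0.113.7
2024-03-01T09:00:06 FAIL user=erin src=203.0.113.7
2024-03-01T09:00:20 FAIL user=frank src=198.51.100.4
2024-03-01T09:00:31 OK user=frank src=198.51.100.4
2024-03-01T09:05:00 FAIL user=grace src=192.0.2.9
2024-03-01T09:15:00 FAIL user=grace src=192.0.2.10
2024-03-01T09:25:00 FAIL user=grace src=192.0.2.11
2024-03-01T09:35:00 FAIL user=grace src=192.0.2.9
2024-03-01T09:45:00 FAIL user=grace src=192.0.2.10
"""


def parse(lines):
    """Yield (timestamp, result, user, src) for well-formed lines; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def sliding_window_alerts(events, key, window_seconds, threshold):
    """Return {key_value: first_timestamp_threshold_reached} for every user or
    source whose failed logins reach `threshold` within any window of
    `window_seconds`. `events` must be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # key value -> timestamps of recent failures
    alerts = {}
    for ts, result, user, src in events:
        if result != "FAIL":
            continue                # successes are not counted here
        k = user if key == "user" else src
        q = recent[k]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()             # drop failures that aged out of the window
        if len(q) >= threshold and k not in alerts:
            alerts[k] = ts
    return alerts


def detect_bruteforce(log_text):
    """Run both detectors over a log and return their alerts."""
    events = sorted(parse(log_text.splitlines()), key=lambda e: e[0])
    return {
        # many failures from one address in a minute: an automated guesser
        "burst_sources": sliding_window_alerts(events, "src", 60, 5),
        # many failures against one account in an hour, from any address
        "targeted_accounts": sliding_window_alerts(events, "user", 3600, 5),
    }


if __name__ == "__main__":
    for name, hits in detect_bruteforce(SAMPLE_LOG).items():
        for value, when in hits.items():
            print(f"{name}: {value} crossed threshold at {when.isoformat()}")
```

The per-source detector alone misses the slow attack on `grace`, which is why the second pass keys on the account rather than the address; in a real deployment the alert would feed a lockout or step-up authentication decision rather than only a print.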

Malware.

Your device’s operating system, software, hardware, or the network and servers you’re connected to can all have security flaws. Criminals seek out these gaps in protection as the perfect place to plant malware. Spyware is especially well suited to stealing private data while remaining completely undetected; you might not find the infection until it’s too late.

Not always the outside bad guy – other ways a data breach can occur:

  • An Accidental Insider. An example would be an employee using a co-worker’s computer and reading files without proper authorization permissions. The access is unintentional, and no information is shared. However, the data is considered breached because an unauthorized person viewed it.
  • A Malicious Insider. This person purposely accesses and/or shares data with the intent of causing harm to an individual or company. The malicious insider may have legitimate authorization to use the data, but the goal is to use the information in nefarious ways.
  • Lost or Stolen Devices. An unencrypted and unlocked laptop or external hard drive — anything that contains sensitive information — goes missing.

What industries are hit with the most expensive cyber attacks? 

Those in the health care, energy, and financial sector need to be especially vigilant as they are at the most cyber risk. Here’s a look at the top 5 industries from 2021 in terms of the cost of a data breach:

  • Healthcare Industry – $9.23 million up from $7.13 million in 2020
  • Financial Industry – $5.72 million down from $5.85 million in 2020
  • Pharmaceutical – nearly flat from $5.04 to $5.06 million 
  • Technology – $4.88 million down from $5.04 million in 2020
  • Energy – up a whopping 11% from 2020 to $6.39 million

What is targeted in a data breach?

Although a data breach can result from an innocent mistake, the real damage comes when the person with unauthorized access steals and sells customer data, Personally Identifiable Information (PII), or corporate intellectual property for financial gain or to cause harm.

Bad guys tend to follow a basic pattern, because targeting an organization for a breach takes planning. They research their victims to learn where the vulnerabilities are, and they will lie in wait as long as it takes to get the confidential data they are after. The cost of a data breach makes it worth their while.

Hackers learn a target’s weak points, then develop a campaign to trick insiders into downloading malware. Sometimes they go after the network directly.

Once inside, malicious criminals have the freedom to search for the data they want — and lots of time to do it, as the average breach takes more than five months to detect.

Common vulnerabilities targeted by the bad guys include the following:

  • Weak credentials. Stolen or weak credentials cause the vast majority of data breaches. If malicious criminals have your username and password combination, they have an open door into your network. Because most people reuse passwords, cybercriminals can use brute force attacks to gain entrance to email, websites, bank accounts, and other PII or financial information sources.
  • Stolen credentials. Breaches caused by phishing are a significant security issue, and if cybercriminals get hold of this personal information, they can use it to access things like your bank and online accounts.
  • Compromised assets. Various malware attacks are used to negate regular authentication steps that usually protect a computer.
  • Payment Card Fraud. Card skimmers attach to gas pumps or ATMs and steal data whenever a card is swiped.
  • Third-party access. Although you may do everything possible to keep your network and data secure, malicious criminals could use third-party vendors to make their way into your system.
  • Mobile Devices. When employees are allowed to bring their own devices (BYOD) into the workplace, it’s easy for unsecured devices to download malware-laden apps that give hackers access to data stored on the device.

How do you protect yourself against the cost of a data breach?

Data breach prevention needs to start at the top. C-level employees need to instill a culture of security across the entire enterprise. Employee training in cyber security needs to be a big part of the onboarding process – part of risk management – and it needs to continue regularly and include everyone at all levels — from end-users to IT personnel and everyone in between.

Here are a few best practices to avoid a data breach:

  • Patching and updating software as soon as updates are available.
  • Using high-grade encryption for sensitive data to mitigate cyber risk.
  • Upgrading devices when the manufacturer no longer supports the software.
  • Enforcing BYOD security policies that require all devices to use a business-grade VPN service and antivirus protection.
  • Enforcing strong credentials and multi-factor authentication.
  • Educating employees on best security practices and ways to avoid social engineering attacks.
  • Employing security AI and risk management.
  • Having a well-trained and tested incident response team.
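The "strong credentials and multi-factor authentication" item above is the one that can be enforced mechanically at enrolment or password change. The following is an added example, not code from the article or from Nerds On Site: a policy check that rejects short passwords, passwords present in a breach corpus, and accounts without MFA. The corpus is a constructed in-memory set; it is indexed by the first five characters of the SHA-1 hash so that the check has the same shape as a range lookup against an external breach service, where only the hash prefix leaves the host. The minimum length of 12 is an assumption, not a value the article gives.

```python
"""Credential policy check: minimum length, not known-breached, MFA enrolled.

Added example (not from the original article). The breach corpus below is
constructed; MIN_LENGTH is an assumed policy value.
"""
import hashlib

MIN_LENGTH = 12  # assumption: length-over-complexity policy


def sha1_upper(password):
    """Upper-case hex SHA-1 of the password, the keying used by range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_breach_index(breached_passwords):
    """Index a breach corpus as {hash_prefix: {hash_suffix, ...}} so a lookup
    only needs the 5-character prefix, never the full hash or the password."""
    index = {}
    for pw in breached_passwords:
        h = sha1_upper(pw)
        index.setdefault(h[:5], set()).add(h[5:])
    return index


# Constructed corpus standing in for a real breach dataset.
BREACH_INDEX = build_breach_index(["password123", "Summer2021!", "letmein"])


def is_breached(password, index=BREACH_INDEX):
    """True if the password's hash suffix appears under its prefix bucket."""
    h = sha1_upper(password)
    return h[5:] in index.get(h[:5], set())


def check_credentials(password, mfa_enrolled):
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_breached(password):
        problems.append("appears in breach corpus")
    if not mfa_enrolled:
        problems.append("multi-factor authentication not enrolled")
    return problems


if __name__ == "__main__":
    for pw, mfa in [("password123", True), ("correct horse battery staple", True)]:
        print(pw, "->", check_credentials(pw, mfa) or "compliant")
```

Checking against a breach corpus addresses the password-reuse problem the article raises under "Weak credentials": a password can satisfy a length rule and still be one that attackers already hold.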

How do you mitigate the risk of a data breach?

Reduce the three most significant factors in data breach costs

The average cost of a data breach has increased slightly over the last six years. Costs are up 10% since 2014, to $3.86 million, according to the annual Cost of a Data Breach Report.

The Ponemon Data Breach Report identifies three significant factors that most affect the cost of a data breach.

Security AI and Incident Response Work

Security automation has a massive impact on the average cost of a data breach. Security automation means enabling security technologies that enhance or replace what IT staff usually do. They include any security solution that uses artificial intelligence, machine learning, analytics, and automated orchestration.

Incident response (IR)

IR is a top cost saver, with well-trained IR teams contributing to an average of $2 million in data breach cost savings.

In a data breach study, these benefits increased year over year. In 2019, the cost difference between having no IR team or testing and having a trained and tested team was $1.23 million. The 2020 difference of $2 million was a massive 63% more than in 2019.

Time is a significant factor. Data breach costs correlate with the time it takes to identify and contain the breach (the data breach lifecycle). In 2020, a breach with a lifecycle of fewer than 200 days cost an organization $3.21 million on average. For a lifecycle of more than 200 days, the average cost jumps 30% to $4.33 million.

Factors affecting data breaches

Remote work due to COVID-19 increased data breach costs.

The average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor, as referenced in the Ponemon data breach report.

Cloud migration impacted data breach cost and containment.

Cloud migration introduces numerous vulnerabilities that can lead to data loss. Organizations in the early stage of cloud modernization had their data compromised more than twice as quickly.

Compromised credentials caused the most breaches.

In total, 20% of breaches occurred using compromised credentials with an average cost of USD 4.37 million.

Importance of the 2021 Ponemon Cost of a Data Breach Report

The annual Cost of a Data Breach Report from the Ponemon Institute offers insights from 537 actual breaches for a more comprehensive understanding of cyber security. The report has become the most widely used benchmark instrument in the IT industry, offering an integrated view of the factors that raise or reduce data breach costs. It can also help you decide where to allocate your security spend most efficiently to minimize the cost of a data breach. It has become a must-have in the cyber risk world. Garner what you can from it, and expect the 2022 report to be as insightful, if not more so.
