Exclusive: How to avoid the ‘record high’ cost of a data breach

IBM recently published its annual Cost of a Data Breach Report and many of the takeaways were startling. The main conclusion was that the average cost for a data breach in 2021 was US$4.24 million, ranking as the highest amount in 17 years. Additionally, the average associated expenses rose by 10% between 2020 and 2021. That was the highest jump in seven years.

However, analysts also identified hopeful trends that could mitigate breaches later. Chris McCurdy, Vice President and General Manager of IBM Security, explained: “While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero-trust approach — which may pay off in reducing the cost of these incidents further down the line.”

Here are five proactive ways in which IT professionals and business leaders can keep organisations safer against data breaches.

Create and test an incident response plan

One of the findings in the IBM report showed that having and testing an incident response (IR) plan substantially reduced the overall costs of a data breach. More specifically, breach costs averaged US$2.46 million less when companies formed IR teams and tested relevant procedures.

It’s a good start to give people specific responsibilities for breach mitigation. However, checking that the emergency response framework operates as expected is also crucial for making it valuable during a crisis.

Activate multifactor authentication when possible

Multifactor authentication (MFA) makes it more difficult for unauthorised parties to access a network because a user-set password alone is insufficient. Anyone logging in must also pass another verification mechanism, often a code sent to the account owner’s device.

Statistics indicate that 99.99% of account compromise attacks can be prevented with MFA. It’s also useful to deploy related preventive measures. For example, a network-monitoring tool can alert an IT team if someone associated with an unknown device or location tries to use network resources outside business hours.

Train employees in cybersecurity best practices

People who lack knowledge of safe internet practices are often the most vulnerable to being targeted in attacks. One recent study found that 84% of insider data breaches occurred due to employee mistakes. In 74% of cases, breaches happened when workers broke security rules.

Employees are likely to be more careful when they receive targeted information about online practices that can raise the risk of breaches. For example, the IBM research found that breaches cost US$1.07 million more on average when they involve remote work. That suggests it’s crucial to teach employees how to remain safe online at home, especially when handling sensitive information.

Engage in strategic risk management

It’s often impossible to know where an organisation stands with cybersecurity if leaders have never conducted a thorough risk assessment. One of the IBM report’s recommendations concerned using the Factor Analysis of Information Risk (FAIR) model to learn the probability of security incidents and their associated costs.

Taking that approach often makes it easier to get hesitant business leaders to agree to further cybersecurity investment. That’s because FAIR takes an economically based angle to cybersecurity risk management. The FAIR model can also calculate the estimated return on investment (ROI) for certain solutions, helping decision-makers feel more confident about moving ahead with them.

Treat cybersecurity as a priority

An ongoing cybersecurity skills shortage poses additional challenges to leaders who want to minimise data breaches. However, even if an organisation has all the talent it needs, it’s still vital to continually invest in internet security.

One recent study of professionals working in the sector showed that most respondents felt their organisations did not do enough to invest in cybersecurity or the careers of people tasked with upholding it. More specifically, 64% thought their employers needed to do somewhat or a lot more to address the matter. Parties from the organisations that published the research believe that outcome is due to many leaders viewing cybersecurity as a technical problem rather than a business issue.

Maintain a realistic perspective

Besides following the five suggestions here, people should remain mindful that there are no guaranteed ways to stop all data breaches. Some organisations get hit with attacks even after abiding by all the recommendations for thwarting such events.

However, a conscious effort to defend against cyberattacks goes a long way. That’s especially true at organisations where people did not see hackers as substantial threats to their operations.

Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.
