Rising cost of data breaches: Call for stronger cybersecurity measures

Simran Lageju: The average cost of a data breach has soared to an unprecedented level, reaching an astonishing USD 4.45 million.  This represents a 15.3% increase since 2020, according to IBM’s ‘The Cost of a Data Breach Report 2023.’ The increasing financial costs of data breaches highlight the urgent need for businesses to strengthen their cybersecurity defences in the ever-growing digital landscape.

The Growing Threat of Data Breaches

In our increasingly interconnected world, where information holds the key, data breaches pose a greater threat than ever. The consequences of data intrusion extend far beyond financial losses, impacting customer loyalty, investor confidence, and compliance status. A single security breach can have far-reaching effects on different aspects of an organisation’s operations, reputation, and overall standing in the marketplace. Preventing data breaches and responding effectively when they occur is critical for any company’s long-term success and viability.

IBM’s extensive survey encompassed 553 global organisations that fell victim to data breaches between March 2022 and March 2023. The breaches studied were across 16 countries and regions and in 17 industries. The results are startling, with the top five industries being healthcare, finance, pharmaceuticals and energy, industrial and technology, and transportation. The report not only provides measurable data to help leaders in risk management to make better decisions but also highlights the urgency of robust cybersecurity measures for businesses to safeguard sensitive information and protect clients and stakeholders.

Some crucial findings from the ‘The Cost of a Data Breach Report 2023’

1. Lack of proactive security

Only one-third of breaches were discovered by a company’s internal security teams or tools, meaning that other sources or actual perpetrators found 67% of them. This indicates that many companies need to monitor and secure their data proactively. If internal security teams are not detecting most breaches, it also suggests that intrusions may go unreported for a long time. Delays like this can lead to more severe consequences because when breaches are not addressed promptly, the hackers have more opportunity to cause damage.

2. Small businesses have higher risks

Costs associated with data breaches were far more significant for smaller businesses. Compared to 2022, the average data breach cost decreased in 2023 for companies with more than 5,000 employees. The average cost of a data breach significantly increased for businesses with 5,000 or fewer employees. These organisations often have limited budgets and may struggle to allocate sufficient funds to invest in robust cybersecurity measures.

As they have higher risks, smaller businesses must prioritise cybersecurity efforts, seek support, and invest in robust measures to protect their sensitive data and preserve customer trust. Failing to address these issues in an increasingly digitised world could hinder innovation, growth, and sustainability.

3. The effect of extensive security: AI and automation

Security AI and automation are crucial investments for cutting costs and shortening the time to find and contain breaches. On average, it took 108 days less for violations to be discovered and contained in organisations that used these capabilities considerably in their strategy. Compared to firms that did not deploy security AI and automation capabilities, they also reported decreased data breach expenses of USD 1.76 million.

4. Cost savings from high levels of DevSecOps adoption 

Comparing firms with high and low adoption of DevSecOps methods, those with high adoption realised significant savings of USD 1.68 million. DevSecOps stood out as the most effective in producing sizable savings among several cost-cutting variables. DevSecOps, which incorporates security practices throughout the whole software development lifecycle, demonstrated its value by significantly reducing costs while improving safety. DevSecOps appears to be the key strategy for businesses looking to improve security, cut costs, and keep a competitive edge in the market.

The Urgency for Organisations to Prioritise Cybersecurity

The Cost of a Data Breach Report 2023 provides a compelling global picture of the financial toll of data breaches, serving as an urgent wake-up call for businesses across diverse industries.

In recent years, Bangladesh has witnessed increasing incidents related to cybercrime. In July 2023, a government-owned Bangladeshi website leaked citizens’ personal information, including full names, phone numbers, email addresses and national identification numbers. The data was later removed, but the website leaked information of over 50 million Bangladeshi residents. According to the State Minister for Information and Communication Technology, Zunaid Ahmed Palak, the website’s vulnerability led to the leak. Incidents like this expose sensitive personal information, which can lead to severe consequences such as identity theft, fraud, and other types of cybercrime that target the people whose data is revealed.

Cybersecurity is essential for all sectors of a country’s economy. The financial industry is particularly a common target. In February 2016, an unidentified group of hackers made an audacious attempt to steal USD 951 million from the Bangladesh Central Bank (BCB) in Dhaka. Although a significant portion of the funds was later recovered, they successfully stole USD 81 million. The incident highlighted the vulnerability of financial institutions to cyber attacks, emphasising the need for enhanced cybersecurity measures.

Incidents of cybercrime have become a pervasive and concerning reality. It is crucial now more than ever for companies to stay vigilant and proactive. Cybersecurity awareness, preparedness, and adopting best practices are the best ways to mitigate the risks. The cost of investigating and recovering from these incidents can be substantial for any economy and any country.

Both governmental and private organisations worldwide must prioritise cybersecurity and implement comprehensive safeguards to protect their companies and the sensitive data entrusted to them. By acting decisively today, we hold the power to shape a safer, more resilient digital world for the future, preserving trust, protecting sensitive data, and securing the very foundation of our economy.

Simran Lageju is a business development professional associated with Genese Solution, an IT consulting company headquartered in the UK with a global presence in eight countries, including Bangladesh. The views expressed in this article are the author’s own and do not represent the organisation’s views. Questions and comments on this article can be directed to feedback@genesesolution.com.