
Data breach costs continue to rise

IBM’s latest report found that the current global average cost of a data breach is $4.88m (£3.82m) in 2024, a 10% increase from 2023, and the highest it has been since the pandemic. What do the findings tell us and what can your business do to prepare for a digital natural disaster?

Author: Shannon Dority, Marketing Manager iStorage

Data is the lifeblood of modern-day business, providing all the vital information necessary to operate and thrive. Its invaluable nature not only makes it indispensable to organisations but has made it the prime target for cybercriminals to attack, steal and exploit. And they are not slowing down anytime soon, making data breaches the natural disaster of the digital ecosystem. This means businesses need to step up their data protection game to keep control out of the hands of cybercriminals.

What the results tell us

IBM’s Cost of a Data Breach Report 2024 surveyed 604 companies that experienced data breaches between March 2023 and February 2024. 70% of the companies report significant or very significant disruption following a breach. The knock-on impacts of business disruptions and post-breach responses - such as the inability to conduct daily operations, sales, manufacturing shutdowns, payment of regulatory fines, class action lawsuits, lost customers and damaged reputations - have all directly led to the cost increase. 63% of organisations planned to increase the cost of their goods or services due to the breach, furthering the knock-on impact directly to customers in an already competitive market.

Healthcare, while seeing a 10.6% average decrease, remains the industry experiencing the costliest breaches at $9.77m (£7.65m). Financial and Industrial followed behind, seeing average cost increases of 4% and 18% respectively. These industries remain a target for cybercriminals due to their existing technology infrastructure and the high level of vulnerability they are likely to experience in the event of a cyber-attack. On top of that, 35% of attacks involved shadow data (data residing in unmanaged data sources) and took longer on average to detect, resulting in higher costs.

Malware and criminal activity in the form of phishing or stolen/compromised credentials remain the most prevalent root causes of data breaches. However, destructive and exfiltration attacks proved to be more costly, as they cause longer-lasting and expensive business damage. Skill shortages, lack of adequate training, and overly complex security systems have also contributed to higher data breach costs, jumping to 53% in 2024 from 42% last year.

Moving Forward in the Digital Ecosystem

There are two main questions you need to ask yourself.

1. Are you prepared for the looming digital natural disaster that can strike at any time?
2. What are you willing to pay: the cost of a breach that could reach into the millions, or a fraction of that to implement the correct infrastructure to protect yourself?

Cybercriminals are becoming more organised and sophisticated in their attacks, and the evident rising costs of data breaches mean businesses need to take both preventative and preparatory measures to combat increasing cyber-attacks. Having a plan in place in the event of a large-scale attack and preparing for the worst-case scenario can put businesses at an advantage in the event of a breach. Just as you would have a natural disaster plan in place if you lived in an area prone to them (hurricanes, earthquakes, etc.), businesses need to have a similar plan in place for their digital infrastructure. A data breach is a digital natural disaster that everyone needs to prepare for because it is no longer a case of ‘IF’, but ‘WHEN.’

It is important to know your entire data ecosystem to have a successful security approach. Security and IT teams must also assume that there is unmanaged (shadow) data that has not been accounted for or disclosed. Around 40% of all breaches involved data distributed across multiple environments, such as public clouds, private clouds and on premises. Knowing where your data is distributed and stored at all times can help to prevent, identify and contain breaches with minimal disruptions.

One positive that came from the report was that 63% of the companies that fell victim to ransomware attacks did not pay the ransom in the end. This means that they had backups and/or controls in place that protected their data from being encrypted and were able to restore their operations. Ensuring you have multiple encrypted offline backups of your data is an important safeguard in the event of a cyberattack, helping to save time and money in regaining access to critical information and getting your operations back in action quickly.