Breach report: Understand and minimize reputational cost

IBM and the Ponemon Institute have released their new Cost of a Data Breach Report 2021, based on analysis of 537 breaches across multiple locations and industries. The results are pretty eye-opening and provide a window into the nature and scale of reputational costs — lost business following a breach — that are independent of whether the data lost was actually protected or critical.

Overall, the total cost of a data breach rose 10% over 2020 to $4.24 million. That’s the largest year-over-year increase in seven years. But it’s not evenly distributed. For example, where remote work factored into the cause of a breach, the cost was higher by over $1 million. And the healthcare industry led all others in cost for the 11th consecutive year, growing nearly 30% to $9.23 million.

Reputational harm and lost business

There are several different types of cost that go into the total cost of a breach, but according to the report, the biggest contributor in 2021 was lost business, representing 38% of the total cost, or $1.59 million. This number includes increased customer turnover and increased cost of acquiring new business due to reputational harm, along with lost revenue due to system downtime.

Illuminate Education exemplifies this type of risk. In January 2022 the company — which provides education and assessment software to school districts across the U.S. — suffered a large data breach. New York City banned the use of their products after it was revealed that private data belonging to 820,000 students there had been taken.

The scope of the breach continues to expand, with many other students affected in districts nationwide. It seems prudent to assume that more of those districts will cut ties with Illuminate Education, with severe bottom-line effects for the company — all because of a data breach that may very well have been preventable.

Cascading effects

Consider also the recent example in which the Oregon Secretary of State’s (SoS) reporting process was disrupted in the run-up to primary elections (discussed in detail in an earlier blog post). A web hosting provider called Opus Systems suffered a severe ransomware attack and data theft. The Oregon SoS uses the campaign finance reporting system ORESTAR. Login information for ORESTAR is held in a database owned by campaign finance firm C&E Systems. And C&E Systems uses Opus Interactive for web hosting.

Despite not having been victimized itself, the Oregon SoS had to address the potential security consequences and invest in public relations efforts to reassure voters that the upcoming election was not in any way affected by the breach.

Key cost differentiators

The Cost of a Data Breach Report also provides considerable insight into the mitigating effects on cost of different security strategies.

  • Breached companies with fully deployed security AI and automation capabilities (such as those provided by Barracuda Email Protection) saw the biggest positive impact on cost. Total breach costs were only $2.9 million compared to $6.71 million for those without, or 80% lower. These solutions were also associated with a shorter time to identify and contain the breach.
  • Companies with mature Zero Trust Access deployed (such as Barracuda CloudGen Access) also saw costs that were more than 50% lower than those without Zero Trust, saving $1.76 million. This is consistent with another data point: compromised credentials were the most common initial cause of a breach, accounting for 20% of breaches.
  • Compared to public cloud, private cloud, and on-premises environments, breaches in hybrid cloud environments entailed the lowest cost, by 28.3%. Companies in the midst of large cloud migrations saw higher breach costs, whereas those further along on their cloud journey spotted and contained breaches 77 days earlier than early-stage cloud adopters.

Steps to minimize risk

The reputational costs and potential business impacts of a data breach are clearly severe. But by implementing high-impact security solutions, you can not only reduce the chances that your organization will fall victim to a data breach, but also significantly lower the total cost in case an attacker still succeeds in breaching your data.

As you migrate to the cloud, it’s especially important to ensure that your security strategies are able to extend comprehensive protection across your entire infrastructure. Barracuda’s cloud-first solutions work together to secure email, defend networks and apps, enforce zero trust access controls, and protect data wherever it’s deployed.
