Data Breach Costs Will Get Worse Before They Get Better. Here’s Why.

Every time there’s a publicly revealed data breach, the public feels a little less secure. Over the past few years, we’ve seen massive breaches of major institutions, from Target to Equifax, that have cost those institutions hundreds of millions of dollars and marred their reputation.

Today, the average data breach seizes 25,575 records, and the average cost of recovering those records, accounting for damages, and improving security to prevent further breaches is $3.92 million, according to IBM. In the healthcare industry, that number jumps to $6.45 million. In 2018, there
were 1,244 reported data breaches in the United States, with a 126 percent jump in the number of personal records exposed.

We’re on an upward trajectory in all areas; the number of data breaches, the severity of data breaches, and the average cost of each breach all seem to be rising. And if I had to guess, I’d say they’re going to keep rising for the foreseeable future. Despite all the efforts white-hat hackers, IT professionals, and major institutions are taking to improve cybersecurity, data breach costs will get worse before they get better.

But why is this the case?

The Diversity of Options

First, we’re seeing an increase in the types of cybercrime that are available. It’s possible for a sufficiently skilled “hacker” to brute-force their way into even a well-protected system, but this isn’t the most common way criminals gain access to public records. They can also guess someone’s password, or trick them into giving it away, getting access to a recordkeeping system as if they were approved to access it. Or they can leverage spyware or other types of malware to gain the information they need.

This is complicated by several factors:

• The number of internet-connected countries is growing. The developed world has been connected to the internet for a long time, but developing countries are starting to make use of the internet at a faster rate. This means a greater number of people are going to be connected to the internet, which is going to increase both the number of potential targets and the number of potential cybercriminals.
• The number of devices and apps used is increasing. We’re also seeing increases in both the number of devices an average person uses and the number of apps and programs on each device. All it takes is a single point of vulnerability to gain entry to a system, so the more complex and multifaceted our world of tech becomes, the more common data breaches are going to be.
• Knowledge of hacking techniques is increasing. New techniques for gaining access to tech systems are constantly being developed and shared, sometimes publicly. You don’t need to have an in-depth knowledge of coding to pull off a large-scale data breach; sometimes, all it takes is a bit of persuasion.

The Value of Records

It’s also worth noting that the objective value of personal records is increasing. Data is becoming more valuable, and hacks are therefore becoming more lucrative.

Consider:

• Companies are collecting more data. Look at the importance that major companies are placing on consumer data. Companies that make consumer products are collecting as much data as possible to make better products. Medical researchers are looking at patient data for better diagnoses and better health outcomes. And obviously, collecting more records from more individuals means the impact of any breach is going to be bigger.
• More individuals are reliant on data. It’s also true that individuals are relying on data and the security of multiple systems. Think about the number of credit cards you have, and how many organizations you trust to handle things like your social security number and birthday.
• Data is tied to more significant outcomes. Simultaneously, we’re seeing a trend where data is being tied to more serious outcomes. It may not matter to a cybercriminal what your shopping habits are, but if they can glean your existing medical conditions, or potentially gain access to a medical device or prescription, they could do a lot of damage—or demand a lot of money.

Taking the Threat More Seriously

The good news is, most companies and organizations are committed to doing better. Out of concern over potential cybercrime, more organizations are investing heavily in firewalls, encrypted tech, and in-house IT teams to improve their security. But there is a limit to how much new technology can stop an incoming attack.

There’s a kind of arms race between so-called hackers and tech developers, so whenever a new system to ward off attacks is developed,
it’s only a matter of time before someone devises a way to get past it. But
even more importantly, it doesn’t matter how complex your security systems are if one of your employees has a password that’s easy to guess, or can be duped into giving out their login credentials.

The Far Future

I can imagine a distant future where cybercrime is less common and less expensive, but it’s going to involve some innovation that’s years beyond our current understanding. For the time being, the number of available opportunities and the value of those opportunities are skyrocketing, and data breach costs will only climb as a result.