Every time there’s a publicly revealed data breach, the public feels a little less secure. Over the past few years, we’ve seen massive breaches of major institutions, from Target to Equifax, that have cost those institutions hundreds of millions of dollars and marred their reputation.
Today, the average data breach seizes 25,575 records, and the average cost of recovering those records, accounting for damages, and improving security to prevent further breaches is $3.92 million, according to IBM. In the healthcare industry, that number jumps to $6.45 million. In 2018, there
were 1,244 reported data breaches in the United States, with a 126 percent jump in the number of personal records exposed.
We’re on an upward trajectory in all areas; the number of data breaches, the severity of data breaches, and the average cost of each breach all seem to be rising. And if I had to guess, I’d say they’re going to keep rising for the foreseeable future. Despite all the efforts white-hat hackers, IT professionals, and major institutions are taking to improve cybersecurity, data breach costs will get worse before they get better.
But why is this the case?
First, we’re seeing an increase in the types of cybercrime that are available. It’s possible for a sufficiently skilled “hacker” to brute-force their way into even a well-protected system, but this isn’t the most common way criminals gain access to public records. They can also guess someone’s password, or trick them into giving it away, getting access to a recordkeeping system as if they were approved to access it. Or they can leverage spyware or other types of malware to gain the information they need.
This is complicated by several factors:
It’s also worth noting that the objective value of personal records is increasing. Data is becoming more valuable, and hacks are therefore becoming more lucrative.
The good news is, most companies and organizations are committed to doing better. Out of concern over potential cybercrime, more organizations are investing heavily in firewalls, encrypted tech, and in-house IT teams to improve their security. But there is a limit to how much new technology can stop an incoming attack.
There’s a kind of arms race between so-called hackers and tech developers, so whenever a new system to ward off attacks is developed,
it’s only a matter of time before someone devises a way to get past it. But
even more importantly, it doesn’t matter how complex your security systems are if one of your employees has a password that’s easy to guess, or can be duped into giving out their login credentials.
I can imagine a distant future where cybercrime is less common and less expensive, but it’s going to involve some innovation that’s years beyond our current understanding. For the time being, the number of available opportunities and the value of those opportunities are skyrocketing, and data breach costs will only climb as a result.