In the world of cyber security, the term ‘data breach’ is mentioned a lot and is often the very first step in a business falling victim to a cyber-attack. To put it simply, a data breach is a violation of security where sensitive, protected, or confidential information is accessed without authorisation.
The Cost of a Data Breach Report 2020 from IBM Security revealed that the average total cost of a data breach to UK businesses was $4,670,000 (£3.440,000), an increase of 19.7%.
The report also revealed that the healthcare, financial, pharmaceuticals, technology and energy industries were in the top five industries that had been hit the hardest financially by a data breach in 2020-2021.
Healthcare (1st)
Financial (2nd)
Pharmaceuticals (3rd)
Technology (4th)
Energy (5th)
The average total cost for healthcare increased from $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase. Energy dropped from the second most costly industry to fifth place, decreasing in cost from $6.39 million in 2020 to $4.65 million in 2021 (27.2% decrease).
You can see the breakdown of the average total cost of a data breach by industry below:
SOURCE: Average cost of a data breach by industry - IBM Security
Of the breaches included within the report, 20% were as a result of user credentials being compromised, leading to access to unauthorised information being stolen. Compromised credentials are exact matches of authentic users’ ID’s and passwords (usually your employees’ or customers’) that are available to anyone on the outside via the Dark Web.
6 simple ways to avoid being hacked
Tough passwords - Passwords are you first level of protection when it comes to securing your online accounts or customer data. Complex passwords can often be difficult to remember, which often leads to people choosing weaker passwords or repeating them across multiple accounts.
Double up your cyber protection - Two-step verification otherwise known as 2SV or multi-factor authentication was designed to help stop criminals from accessing your accounts even if they obtain your passwords.
Two-step verification (2SV) ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. Some common methods of 2SV include a single use code being sent via SMS, email, phone, or smartphone application.
Regularly backup your data and isolate it- Think about how much you rely on your business-critical data, such as customer details, quotes, orders, payment details or coursework/examination files for education establishments. Now imagine how long you would be able to operate without them.
All businesses, regardless of size and type, should take regular backups of their important data, and make sure that these backups are recent, tested so you are confident they can be restored.
Update, update and update - Regularly patching and installing software updates helps to protect your devices as the updates will expose new flaws and vulnerabilities. Software and app updates are designed to fix these weaknesses and installing them as soon as possible will keep your devices secure.
When setting up new devices you should also remove any unnecessary pre-installed software, while ensuring that they have firewall protection enabled and are running up-to-date anti-virus software.
Pay attention to detail to minimise the risk of human error - Regularly patching and installing software updates helps to protect your devices as the updates will expose new flaws and vulnerabilities. Software and app updates are designed to fix these weaknesses and installing them as soon as possible will keep your devices secure.
When setting up new devices you should also remove any unnecessary pre-installed software, while ensuring that they have firewall protection enabled and are running up-to-date anti-virus software.
Act quickly - Having an Incident Response Plan could reduce the cost of a data breach on your business. The IBM report revealed that of the businesses who had tried and tested incident response plans saw an average total cost of a data breach that was $2.46 million less than those that experienced a breach without an IR team or a tested IR plan.
To help you minimise the impact of a cyber-attack we have created a Cyber Incident Response Plan for you to use.
Businesses in the South East can sign up for a free Core Membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.