Most data breaches cost companies between $10,000 and $1 million, according to an analysis of 2,400 data breach incidents from 2017 to 2022 conducted by Black Kite Research. In addition, 15% of analyzed data breaches cost between $1 million and $10 million.
Black Kite Research By The Numbers
Other notable findings from Black Kite's analysis include:
- The average cost of all data breaches totaled $75 million, and the average cost of data breaches excluding outliers was $15 million.
- The finance and insurance sectors experienced the most data breach incidents (445) between 2017 and 2022, and the average cost for these incidents was $35 million.
- Unsecured servers and databases ranked first among the most frequent causes of data breach incidents, accounting for 19% of all incidents and at an average cost of $113 million per incident.
- Approximately 71% of companies still have active or known websites accessible with open-source intelligence data.
- The average Ransomware Susceptibility rating for companies was 0.42 based on a 0.0 to 1.0 scale of susceptibility.
- All breached companies have at least one critical or high-severity vulnerability due to an outdated system.
Black Kite Research also cited the following as its top known threat actors:
- REvil ransomware was the most frequent threat actor, accounting for 11 data breach incidents with an average cost of incident of $22 million.
- Conti ransomware ranked second, accounting for 10 incidents with an average cost of $85 million.
- The Lazarus Group cybercrime ground ranked third, accounting for five incidents with an average cost of $220 million.
Data breach incidents can impact a company's bottom line and its relationships with partners and customers, Black Kite Research noted. However, companies can take steps to guard against cyber threats before they lead to data breaches.
How to Combat Cyber Threats and Avoid Data Breaches
Black Kite Research offered the following recommendations to help companies protect against cyber threats and data breaches:
- Learn from Past Data Breaches. Find out why companies have suffered data breaches in the past. Next, a company can determine the best ways to prevent similar breaches.
- Monitor Partners, Vendors and Suppliers. Analyze the attack surface of partners, vendors and suppliers. If a partner, vendor or supplier has security weaknesses, it may be time to consider other options.
- Provide Cybersecurity Awareness Training: Teach employees of all skill and experience levels about cyber threats and how to combat them. This ensures that employees across a company can work together to minimize risk.
MSSPs also can help companies manage cyber risk. They can provide managed security services and cybersecurity tips and insights that businesses can use to optimize their security posture.