What Is a Data Breach?

A data breach is a cybersecurity incident where sensitive, confidential, or protected information is accessed, viewed, stolen, altered, or used by an unauthorized individual or entity. Data breaches can occur due to various cyber-attacks, such as hacking, insider leaks, payment card fraud, malware attacks, loss or theft of physical devices, unintended disclosure, or other unknown reasons.

The types of stolen data from a breach may include credit card numbers, customer data, trade secrets, medical records, financial information, personally identifiable information (PII), or national security matters. Data breaches can affect businesses of all sizes, industries, and geographies, occurring with alarming frequency. They carry severe consequences for organizations facing costly fines for compliance violations, litigation, and long-term brand damage.

Because data breaches are so profitable, attackers seek out personally identifiable information (PII). Small organizations might think they are not a target because of their size, but often, the opposite is true. In fact, they can be a bigger target than a large enterprise with an effective cybersecurity defenses. Cybersecurity should be a bigger priority for even small and medium-size businesses.

Data breaches can happen from:

• Hacking or malware attacks: These are the most common methods of data breaches. Attackers use techniques such as phishing, social engineering, brute force attacks, or exploiting vulnerabilities in software or systems to gain unauthorized access to sensitive data.
• Insider leaks: A trusted user or individual with privileged access can abuse their rights to steal or compromise data. The motivation behind insider threats can include financial gain, revenge, or unintentional actions.
• Payment card fraud: Payment card data is stolen using physical skimming devices or other methods.
• Loss or theft: Laptops, office computers, portable hard drives, files, and other physical assets can be lost or stolen.
• Unintended disclosure: Sensitive data can be exposed through user errors, mistakes, and negligence.
• Inadequate security: Weaknesses in technology, user behavior, and weak credentials are some of the common reasons for data breaches.
• Unknown reasons: In a small number of cases, the actual reason for a data breach may be unknown.

Data breaches can occur offline or online, and hackers can use channels such as the internet, Bluetooth, text messages or online services to access sensitive data.

Customer information isn’t the only target for an attacker. Breached data can lead to more sophisticated attacks. For example, stolen credentials from a phishing campaign can lead to privileged authorized access to sensitive data.

Targets in a data breach include:

• Weak passwords: Even if passwords are encrypted, deprecated ciphers or passwords vulnerable to dictionary attacks can be used in future threats.
• Stolen credentials: Phishing, spear phishing, and whale phishing target users to steal credentials and other sensitive information.
• Compromised assets: Accessing credentials, deploying malware or exploiting applications that provide unauthorized access can enable an attacker to silently exfiltrate data.
• Corporate information: Confidential business data like customer lists, source code, intellectual property and employee data can be valuable targets in breach attacks.
• Personal health data: Healthcare organizations with weak security and HIPAA compliance measures may be vulnerable to data breaches involving medical records, health insurance information, social security numbers, and other personal data.
• Credit card fraud: Skimmers and phishing target users for their credit card information.
• Third-party credentials and access: Access via a third party, such as a vendor or outside contractor, is a strategy for attackers.
• Mobile devices: Endpoint security is more important than ever, as mobile devices can be a gateway to the local network and your data.

Unlike other attacks, a data breach cannot be remediated with a simple patch and software update. It usually triggers efforts to add more cybersecurity infrastructure to the network, but even then, the damage is already done.

Data breaches can result in substantial damages for both individuals and organizations, including:

• Financial loss: The financial impact of a data breach can be immediate and devastating for organizations. The cost of a data breach has risen over the past few years and includes the cost of investigation, remediation, and legal fees. According to the 2022 Cost of a Data Breach, the average cost of a data breach in the U.S. is $9.44 million.
• Reputational damage: The reputational damage resulting from a data breach can be hard-hitting for a business. Customers and vendors may cease all business with organizations that have been breached. Adding to the damages, they may share their experience with others, including on social media.
• Operational downtime: A data breach can cause significant operational downtime, resulting in lost productivity and revenue for organizations. Depending on the remediation process, this downtime can be very costly.
• Legal action: Organizations that experience a data breach may face legal action from affected individuals, regulatory bodies or other stakeholders.
• Loss of sensitive data: A data breach can result in the loss of sensitive data, including personal information, corporate information and intellectual property.
• Consequential damages: Consequential damages stemming from a data breach could include lost profits or reputational damages, which may be difficult to estimate at the time of the breach.
• Mitigation damages: Mitigation damages may include the cost of credit monitoring, identity theft protection and other measures taken to mitigate the effects of the breach.

The severity of a data breach depends on the focused target. While it can be devastating for individuals, data breaches can cost organizations millions and negatively impact revenue long-term. The three main entities affected by data breaches are:

• Businesses: An organization that falls victim to a data breach could lose money in litigation and reparations, but the more considerable damage is in brand reputation. Target, Equifax and Yahoo are well known for their data breaches. It’s cost them millions in lost consumer trust and brand damage.
• Government: Military, government trade secrets and undercover personnel are at risk if an attacker compromises government infrastructure.
• Individuals: For individuals, the most significant monetary risk is identity theft. Individual data could be sold on darknet markets or used immediately to open credit lines, purchase products, or create fraudulent accounts.

When you think of data breaches, you typically think of a hacker compromising a network and stealing data. However, data breaches can result from several different actions. Human error, for example, is one of the most significant factors in data breaches.

Among the different types of data breaches include:

• Credentials stored in source code: Developers make the common mistake of leaving credentials or access keys in code repositories. Attackers search public repositories on GitHub to find them.
• Exploited authentication or authorization systems: Applications with vulnerabilities or any cybersecurity infrastructure with bugs could allow an attacker to gain unauthorized access.
• Eavesdropping: Unencrypted traffic across a network is vulnerable to interception and eavesdropping.
• Human error: Negligence or a disgruntled employee could purposely or accidentally disclose data by falling for phishing or social engineering.
• Malware These programs are designed to infect a victim’s computer and steal sensitive information.
• Ransomware: This is a sophisticated type of malware that encrypts a victim’s files and demands a ransom payment for the decryption key.
• Recording keystrokes: Known as keyloggers, this type of malware can be designed to record a user’s keystrokes, allowing the attacker to capture sensitive information like passwords.
• Phishing: This form of social engineering involves deceiving users into revealing sensitive information, such as login credentials or credit card numbers, which can result in a data breach.
• Hacking: Should an attacker gain access to user devices or compromise the internal infrastructure, they can install malware to steal data.
• Insider threats: Current or terminated employees could purposely send data to a third party or steal it for their financial gain.
• Physical theft: Organizations are vulnerable to data theft when local resources, user devices, work laptops and other physical assets are stolen.

Cybersecurity incidents have been on the rise for years. But incidents skyrocketed after COVID sent workers home. Organizations were forced to use remote workers for every aspect of business productivity. This shift led to an increase in data breaches. Users stored data on their personal devices, and organizations opened cloud resources and VPN-accessible internal infrastructure. 

Many of the latest data breach statistics were due to the pandemic. But here are a few statistics that made an impact on cybersecurity and businesses: 

• The COVID-19 impact from remote workers increased data breach costs by $137,000 per incident.
• 76% of organizations indicated in an IBM survey that remote workers increased the amount of time needed to identify and contain a threat.
• Experts count 192,000 Coronavirus-related known attacks, and numbers continue to increase.
• Healthcare attacks targeting patient information rose 58%.
• Web application exploits and compromises have doubled since 2019 and accounted for 43% of attacks.
• Loans offered by the US government to help small businesses impacted 8000 of them from a data breach.
• Symantec estimates that 4800 websites are compromised every month from clickjacking.
• Verizon estimates that 71% of data breaches are financially motivated.
• In 2019, 36% of data breaches were from organized cyber criminals.
• It takes an average of 80 days to contain a threat.
• Healthcare organizations struggled the most with threat containment and took an average of 329 days to contain.
• Microsoft Office accounts for 48% of malicious file attachments.
• The average cost of a data breach globally is $3.86 million. 
• The health care industry pays the highest costs after a data breach, at $7.13 million per incident.
• Most costs incurred from a data breach happen a year after the incident.
• A customer service employee for a financial institute has access to 11 million records, making them a risk for social engineering and phishing.
• 80% of breaches involve brute-force password attacks or stolen credentials.
• In 2020, distributed denial-of-service (DDoS) attacks increased more than 278%

The cost of a data breach rose significantly in the last year, mainly due to an increase in an at-home workforce. In 2015, the cost of a data breach on average was $3.8 million. Today, the cost of a data breach is $14.8 million. 

Proofpoint researched costs associated with a data breach and found that long-term collateral costs may persist after the initial outlays. The loss in productivity from incident response staff and other employees due to downtime translated to an estimated 63,343 hours wasted to deal with a data breach.

Email is a common vector in attacks, and a compromise costs large businesses $6 million annually. Some attacks use email and social engineering to trick employees into paying an estimated $1.17 million in fraudulent invoices and money transfers.

Ransomware continues to evolve and can incapacitate an organization. Many of these attacks start from email messages. Some organizations pay the ransom, but only $790,000 of the annual $5.66 million spent is from paying the ransom.

The average cost for organizations to resolve a data breach is $807,506, a dramatic increase from 2015’s $338,098. Credential theft via phishing accounts for many of these costs. Overall, malware and data exfiltration cost an estimated $137 million.

Accounting for every threat, including human error, is a full-time job and difficult for small businesses. However, organizations can follow specific standards and use common strategies to stop attacks. It only takes one weak link to lead to a data breach, so strategies should strengthen every aspect of the organization, including staff cybersecurity training and education.

A few best practices for data protection against breaches include:

• Always install the latest version of the software, especially security patches.
• Use cryptographically secure encryption for network traffic and storage.
• Upgrade devices with the latest operating system updates.
• Enforce policies if users are allowed to bring their own devices.
• Use password policies to enforce password length and complexity.
• Educate employees on the warning signs for phishing, social engineering, and other attacks.
• Adopt a cyber defense that protects data from insider threats, account takeover and risky web apps.
• Regular security audits help identify vulnerabilities and prevent data breaches.
• Firewalls and intrusion detection systems help prevent unauthorized access to sensitive information.
• By implementing privilege access management (PAM), organizations should limit access to sensitive information to only those who need it to perform their job duties.
• Organizations should monitor third-party access to sensitive information and ensure that vendors have strong security measures in place.

Cyber insurance helps offset costs by covering monetary damages after an incident such as a virus or denial-of-service (DoS). But even with the best cybersecurity infrastructure, organizations will never be 100% risk-free. Cybersecurity insurance helps pay for the costs after an incident, especially when the organization is liable for lost data. For example, healthcare organizations can incur hefty fines for losing personally identifiable information (PII).

Insurance contracts differ between insurers, so organizations must read the terms before signing. For example, an insurer might require that the organization is compliant and has specific cybersecurity infrastructure installed to stay insured.

By utilizing Proofpoint’s solutions, organizations can strengthen their security posture and protect against data breaches. Whether it’s to stay current with the latest compliance requirements or to host employee security awareness training, Proofpoint ensures that your data is protected from malware, attackers, corporate espionage, ransomware, phishing, and the many risks associated with digital assets.