How Costly is a Data Breach?



Just two years ago, we published a blog post about the “Real Cost of a Data Breach for Financial Services.” Now, only 24 months later, we’re revisiting the statistics and sharing the updated numbers. In this short period of time, the cost of a data breach has increased – dramatically. Financial services data proves to be some of the most valuable data, aside from healthcare data. Every aspect of a data breach seems to have gone up, and to be honest, we’re not surprised.

The financial services industry contributed 62% of exposed data in 2019, though it accounted for only 6.5% of data breaches, according to a Bitglass report, compiled from data by the Identity Theft Resource Center (ITRC) and the Ponemon Institute.

Below, you’ll find our updated infographic with 2019 data. Every single number is an increase from the prior report. What is your firm doing to protect itself from these data breaches that are becoming more and more common?

Financial services records are in high demand, second only to healthcare records, and the data breach figures show the value hackers find in these records. Financial services firms are forced to pay upwards of $388…per record breached. That’s a 14% increase since our last report in 2017. Other industries typically pay less than half, $149, per breached record.

Why are financial services records so valuable? The data is valuable and is not easily changed by the client. For instance, breached data often includes names, addresses, social security numbers, and banking information.

Financial services firms incur both direct and indirect costs when going through a data breach investigation. Some of the direct costs include investigations and forensics, breach notification, lawsuits, settlement fines, and post-breach clean-up expenses.

Indirect costs include loss of client trust, damaged firm reputation, firm turnover, a hit to employee morale, and loss of business.

Hacking and malware remain the primary cause of data breaches in financial services at 74.5% (up slightly from 73.5% in 2018). Insider Threats grew from 2.9% in 2018 to 5.5% today, while Accidental Disclosures increased from 14.7% to 18.2%.

There are factors that can increase or decrease the chances of a data breach. Factors that decrease your chances are insurance protection, having an appointed CISO, extensive use of encryption, having an incident response team, and employing security automation technologies. Factors that increase your chance of a data breach? Lost or stolen devices, compliance failures, and undocumented security procedures, among others.

Protecting your firm now is well worth the preventative effort and investment it takes.

We recommend these five administrative tools:

  • Conduct regular user training
  • Conduct extensive due diligence on 3rd party vendors
  • Hire dedicated security officer(s)
  • Employ and enforce BYOD policies
  • Enforce password policies

And these five technical tools:

  • Utilize security automation technologies
  • Employ an incident response team
  • Perform regular penetration testing 
  • Always patch and update your systems
  • Implement internet whitelisting

What we really hope you take away from this is that your firm will be far better served by investing in security practices now than by trying to clean up the damage later.

At this rate, what could 2022 numbers possibly look like?