A data breach is any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data (Social Security numbers, bank account numbers, healthcare data) or corporate data (customer data records, intellectual property, financial information).
The terms ‘data breach’ and ‘breach’ are often used interchangeably with ‘cyberattack.’ But not all cyberattacks are data breaches—and not all data breaches are cyberattacks. Data breaches include only those security breaches in which the confidentiality of data is compromised. So, for example, a distributed denial of service (DDoS) attack that overwhelms a website is not a data breach. But a ransomware attack that locks up a company’s customer data, and threatens to sell it if a ransom is not paid, is a data breach. So is the physical theft of hard drives, thumb drives, or even paper files containing sensitive information.
According to IBM's Cost of a Data Breach 2022 report, the average data breach costs a company USD 4.35 million, and 83 percent of organizations have experienced more than one data breach.
Organizations of every size and type are vulnerable to breaches—large and small businesses, public and private companies, federal, state and local governments, non-profit organizations. But the consequences of a data breach are especially severe for organizations in fields such as healthcare, finance, and the public sector. The value of the data these companies handle—government secrets, patient health information, bank account numbers and log-in credentials—and the strict regulatory fines and penalties these organizations face in the event of a breach make their breach costs even higher. For example, according to the IBM report, the average healthcare data breach cost USD 10.10 million—more than twice the average cost of all breaches.
Data breach costs arise from several factors, some more surprising than others. Resulting lost business, revenue and customers cost data breach victims USD 1.42 million on average. But the cost of detecting and containing a breach is slightly higher, averaging USD 1.44 million. And post-breach expenses—including everything from fines, settlements, and legal fees to reporting costs and providing free credit monitoring to affected customers—cost the average data breach victim USD 1.49 million. Data breach reporting requirements can be particularly costly and time-consuming.
Data breaches can be caused by
Most malicious attacks are motivated by financial gain. Hackers may steal credit card numbers, bank account numbers, or other financial information to drain funds from people and companies directly. They may steal personally identifiable information (PII)—Social Security numbers and phone numbers—for identity theft (taking out loans and opening credit cards in their victims' names) or for sale on the dark web, where it can fetch as much as USD 1 per Social Security number and USD 2,000 for a passport number. Cybercriminals may also sell personal details or stolen credentials to other hackers on the dark web, who may use them for their own malicious purposes.
Data breaches may have other objectives. Unscrupulous organizations may steal trade secrets from competitors. Nation-state actors may breach government systems to steal information about sensitive political dealings, military operations, or national infrastructure. Some breaches are purely destructive, with hackers accessing sensitive data only to destroy or deface it. Such destructive attacks, which account for 17 percent of breaches according to the Cost of a Data Breach 2022 report, are often the work of nation-state actors or hacktivist groups seeking to damage an organization.
According to the Cost of a Data Breach 2022 report, the average data breach lifecycle is 277 days—meaning it takes that long for organizations to identify and contain an active breach. Data breaches can take many forms, but most external breaches follow the same basic pattern:
Common data breach attack vectors
Malicious actors can use a number of attack vectors, or methods, to carry out data breaches. Some of the most common include:
Stolen or compromised credentials. According to the Cost of a Data Breach 2022 report, stolen or compromised credentials are the most common initial attack vector, accounting for 19 percent of data breaches. Hackers may steal or compromise credentials by using brute force attacks, buying stolen credentials off the dark web, or tricking employees into revealing credentials through social engineering attacks.
Social engineering. Social engineering is the act of psychologically manipulating people into unwittingly compromising their own information security. Phishing, the most common type of social engineering attack, is also the second most-common data breach attack vector, accounting for 16 percent of breaches. Phishing scams use fraudulent emails, text messages, social media content or web sites to trick users into sharing credentials or downloading malware.
Ransomware. According to the Cost of a Data Breach 2022 report, it takes a company 326 days on average to identify and contain a ransomware breach. The average cost of a ransomware-related breach is USD 4.54 million—a figure that does not include ransom payments.
Directly exploiting system vulnerabilities. Cybercriminals may gain access to a target network by exploiting weaknesses in IT assets like websites, operating systems, endpoints, and commonly used software like Microsoft Office or web browsers. Once hackers have located a vulnerability, they'll often use it to inject malware into the network. Spyware, which records a victim's keystrokes and other sensitive data and sends it back to a command and control server operated by the hackers, is a common type of malware used in data breaches.
SQL injection. Another method of breaching target systems directly, SQL injection takes advantage of weaknesses in the Structured Query Language (SQL) databases of unsecured websites. Hackers enter malicious code into the website's search field, prompting the database to return private data like credit card numbers or customers' personal details.
Human error and IT failures. Hackers can take advantage of employees' mistakes to gain access to confidential information. For example, according to IBM's Cost of a Data Breach 2022 report, cloud misconfigurations served as the initial attack vector in 15 percent of breaches. Employees may also expose data to attackers by storing it in unsecured locations, misplacing devices with sensitive information saved on their hard drives, or mistakenly granting network users excessive data access privileges. Cybercriminals may also use IT failures, such as temporary system outages, to sneak into sensitive databases.
Physical security failures. Attackers may steal an employee's work or personal device to gain access to the sensitive data it contains, break into company offices to steal paper documents and physical hard drives, or place skimming devices on physical credit and debit card readers to collect individuals' payment card information.
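To make the SQL injection vector above concrete from the defender's side, here is an added example (not code from the original page) showing a website search function in its vulnerable form, which pastes user input into the query text, beside the parameterized form that keeps input as data. The table, names and masked card values are constructed for this illustration.

```python
import sqlite3

# Constructed sample data: a small customer table such as a shop's search
# feature might query. Names and masked card values are made up.
SAMPLE_CUSTOMERS = [
    ("Alice Example", "4111-XXXX-XXXX-1111"),
    ("Bob Example", "5500-XXXX-XXXX-0004"),
    ("Carol Example", "3400-XXXX-XXXX-0009"),
]


def build_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_CUSTOMERS)
    return conn


def search_unsafe(conn, term):
    """Vulnerable form: the search term is concatenated into the SQL text,
    so a quote in the input changes the query's structure, not just its value."""
    sql = "SELECT name, card FROM customers WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """Hardened form: a parameterized query. The driver passes the value
    separately from the SQL text, so quotes in the input remain plain data."""
    sql = "SELECT name, card FROM customers WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


if __name__ == "__main__":
    conn = build_db()
    # A tautology typed into the search field: the unsafe query returns every
    # customer's row, while the parameterized query looks for a customer
    # literally named that and returns nothing.
    probe = "x' OR '1'='1"
    print("unsafe:", search_unsafe(conn, probe))
    print("safe:  ", search_safe(conn, probe))
```

The same input that makes the unsafe query dump the whole table is harmless to the parameterized one, which is why parameterized queries (not input filtering alone) are the standard mitigation.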
A handful of examples demonstrate the range of data breach causes and costs.
Standard security measures—regular vulnerability assessments, scheduled backups, encryption of data at rest and in transit, proper database configurations, timely application of system and software patches—can help prevent data breaches, and soften the blow when data breaches occur. But today organizations may implement more specific data security controls, technologies and best practices to better prevent data breaches and mitigate the damage they cause.
Incident response plans
An organization’s incident response plan (IRP)—a blueprint for detecting, containing and eradicating cyberthreats—is one of the most effective ways to mitigate the damage of a data breach. According to the Cost of a Data Breach 2022 report, organizations with regularly tested incident response plans and formal incident response teams have an average data breach cost of USD 3.26 million—USD 2.66 million less than the average cost of a data breach for organizations without incident response teams and plans.
Security AI and automation
The Cost of a Data Breach 2022 report also found that organizations that apply high levels of artificial intelligence (AI) and automation for threat detection and response have an average data breach cost that is 55.3 percent lower than organizations applying lower levels of those technologies. Technologies such as SOAR (security orchestration, automation and response), UEBA (user and entity behavior analytics), EDR (endpoint detection and response) and XDR (extended detection and response) leverage AI and advanced analytics to identify threats early—even before they lead to data breaches—and provide automation capabilities that enable a faster, cost-saving response.
Because social engineering and phishing attacks are leading causes of breaches, training employees to recognize and avoid these attacks can reduce a company’s risk of a data breach. In addition, training employees to handle data properly can help prevent accidental data breaches and data leaks.
Identity and access management (IAM)
Strong password policies, password managers, two-factor authentication (2FA) or multi-factor authentication (MFA), single sign-on (SSO) and other identity and access management (IAM) technologies and practices can help organizations better defend against hackers using stolen or compromised credentials, the most common data breach attack vector.
A zero trust security approach
A zero trust security approach is one that never trusts and continuously verifies all users or entities, whether they’re outside or already inside the network. Specifically, zero trust requires
These controls can help thwart data breaches and other cyberattacks by identifying and stopping them at the outset, and by limiting the movement and progression of hackers and attacks that do gain access to the network.