Featured image

Impacts of a data security breach on an organization

*This blog post was updated on August 27, 2021 to incorporate new data and company services. 

The rise in remote work has increased our ability to take work with us wherever we go. That also means the potential impact that a data breach could have on organizations is even greater. Standard data security measures are no longer basic precautions. Due to the growing sophistication and avenues to attack a company, data security must always encompass the overall well-being of the enterprise—including its employees and customers. 

Whether you have staff working from home, at a local coffee shop, or in the office, the threat of a data breach exists in any environment. That’s why it’s important to give staff a foundational understanding of the latest methods that hackers will use to attack secured data. As with any core ethics and compliance topic, continually updating education around data security will help employees understand how they are using company work and information—and what to do in case of a cyberattack on company data. In a recent webinar with LRN, data privacy experts from Cordery, Deluxe, and Microsoft discussed how organizations can navigate the new compliance risks associated with data privacy and protection, especially in the wake of COVID-19. 

By the numbers: How a data breach can impact an organization 

According to the 2021 edition of IBM’s annual Cost of a Data Breach report, data breaches now cost companies $4.24 million per incident on average—the highest cost in the 17-year history of the report. Additional findings concluded that: 

  • The rapid shift to working remotely during the pandemic likely led to more expensive data breaches. Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those without this factor ($4.96 vs. $3.89 million). 
  • Stolen user credentials were the most common root cause of data breaches. And customer personal data—such as name, email, password—was the most common type of information exposed in data breaches (44%). 
  • The loss of customer personal identifiable information (PII) was also the most expensive compared to other types of data ($180 per lost or stolen record vs $161 for overall per record average). 

Insider threats to data security are on the rise 

The impact of a data breach on an organization is potentially staggering, and often unknown until the results come to fruition. It’s unfortunate that the highest occurrences of data security compromise come from inside the company due to malicious or negligent acts. According to Equifax’s idwatchdog, insider threats were the primary cause for 60% of data breaches in 2020—and the number of insider security incidents has risen by 47%since 2018. 

It takes a time for an organization to recover from a data breach. The cost of lost business alone holds great consequence for any organization. There’s a growing awareness of the ease of theft of identity and personal information. When a data breach occurs, not only does the business’ reputation become damaged—the customer’s trust is also compromised. 

The key takeaway 

There is nothing concrete to prevent a violation entirely, but the likelihood is reduced when the entire company is educated and aware of precautions to take. Developing memorable training courses that feature commonplace scenarios can help your staff truly spot the risks in their own workdays. To learn more about how a data breach may occur, and what you can do to help members of your company prepare themselves, watch the recording of our full webinar on data privacy and protection in a post-COVID world. 

Ready to upgrade your ethics and compliance program?

We’re excited to give you a personalized demo of the LRN solution. We’ve been a trusted ethics and compliance partner for over 25 years. With over 30 million learners trained each year, we optimize ethics and compliance programs across the globe to help save your team time, increase engagement, and align with regulation.