To avoid security breaches' financial and reputational risks, companies must focus on prevention, hire skilled personnel, and use advanced security technologies.
The IT security risks survey, conducted by Kaspersky Lab in collaboration with B2B International, involved more than 5500 companies across 26 countries. The survey targeted top managers and IT professionals to gather insights into security incidents, threats, and infrastructure vulnerabilities. The primary focus was on the financial impact of security breaches and the recovery cost.
The survey revealed that 90% of businesses admitted to experiencing a security incident. Furthermore, 46% of these businesses reported losing sensitive data due to internal or external threats. These numbers highlight the pervasive and ever-present risk of security breaches.
The survey found that, on average, enterprises pay a hefty $551,000 to recover from a security breach. At the same time, small and medium-sized businesses (SMBs) spend an average of $38,000. These figures represent the direct cost required for recovery.
However, the costs extend beyond direct expenses. Indirect costs burden businesses, such as additional staffing, training, and infrastructure upgrades. Enterprises bear an average of $69,000 in indirect costs, while SMBs face $8,000 in other expenses. These figures highlight the financial implications of security breaches.
The survey identified the top three significant consequences of a security breach:
The survey also shed light on the most expensive types of security breaches. Enterprises cited the following as their top three costly breach categories:
Read also: What is cyber extortion in healthcare?
In analyzing the causes of data loss, the survey identified the following as the top three IT security threats:
The expenses incurred in response to Change Healthcare's ransomware attack of February 2024 have surged. The current estimated cost ranges between $2.3 billion and $2.45 billion, which is a considerable increase of over $1 billion from the previous figure reported. Given that UHG has already shelled out almost $2 billion towards dealing with this issue so far, it marks one of their most severe financial challenges yet - largely due to an extended period of disruption caused by prolonged network downtimes across various components within their infrastructure.
The aftermath of the Change Healthcare cyberattack and UnitedHealth's response shows how cybersecurity vulnerabilities in healthcare can have far-reaching consequences. Even though UnitedHealth showed resilience, the attack still had a financial impact that revealed potential economic risks for other large organizations as well. Directing extensive support towards addressing this issue head-on, particularly through financing solutions provided by large corporations like UnitedHealth, sets an unprecedented precedent that may influence Industry standards or even regulatory expectations going forward.
See more: Change Healthcare ransomware attack projected to cost $2.3 billion
A security breach is an incident where unauthorized individuals gain access to sensitive information, systems, or networks. In healthcare, a security breach often involves protected health information (PHI) being accessed, disclosed, or stolen without authorization.
See also: HIPAA Compliant Email: The Definitive Guide