With the advent and evolution of AI, data breaches are happening with more and more regularity. And what is the favored target? Personal information. According to the latest data, the use of stolen credentials was used in 86% of data breaches.
Kristopher Kane from MSN.com shares, “A data breach — sometimes also known as data loss, data theft or exfiltration — is a security incident where intellectual property or sensitive, confidential or otherwise protected data is copied, transmitted, viewed, stolen, altered or otherwise used by an unauthorized person for fraudulent purposes.”
The Aftermath of a data breach
For a business experiencing a data breach, the repercussions can be severe if their customers’ data is exposed. Recently, the healthcare organization Ascension experienced a “cybersecurity event” to which the extent of damage has not yet been determined.
In the 2024 United Health’s Change Healthcare ransomware attack, paying the reported ransom of $22 million was only the beginning. So far, their recovery costs are close to $1 billion. Right now, research has put the overall average cost of a data breach for a business in the U.S. at $9.48 million. Even for small businesses, recovering from a data breach is averaging around $38,000 and can quickly put some of them into bankruptcy.
To a business, the outright financial cost is one thing whether it is a ransom that was paid or fines assessed on the business. For example, T-Mobile was fined $500 million for a 2021 data breach that exposed 76 million of their customers’ records. The cost of a settlement for a second attack in 2023 has yet to be decided.
However, the damage to a business’s reputation is irreparable in many cases. In one survey, it found that 60% of customers in the U.S. would stop buying products or services for several months after from a business experiencing a data breach attack; 21% responded they would never again buy from a company experiencing a data breach. That means the company lost almost a quarter of its customer base in a very short time. That doesn’t make the bottom line look good!
What Can Businesses Do?
Human error still accounts for over 28% of the data breaches with email phishing still the number one method of obtaining information that can then be used to access a computer network. While it is important to protect IT systems, money is also well spent to mitigate the risk of a data breach by training employees on what to look for in phishing attempts and having an up-to-date data breach response plan. With the way data breaches are ramping up, it is more of an issue of when rather than if a breach will occur.
Having a response plan is key because in most cases, by the time a company finds out something is amiss, the breach has already occurred. So, it is important to find out after the fact:
- how it happened
- how much and what type of information was accessed or stolen
- which customers were affected
- … and to prevent hackers from using the same method of access again.
What To Do After a Data Breach
A data breach doesn’t have to be the end for the business. Here’s what to do in the aftermath.
1. Retain a forensic specialist.
A trained and experienced expert can assess exactly what happened, identify all of the above information, and suggest ways to prevent it from happening again.
2. Contact your legal department.
Have a lawyer specializing in data security breaches identified so that you know who to call right away. They can advise you how to notify consumers, the public, insurance providers, and regulators so that from a regulatory and ethical aspect, you have taken all the necessary steps to notify all individuals involved. The worst thing you can do is to try and cover it up!
3. Stop using any infected equipment.
When a breach is discovered, immediately stop using devices that have been compromised and physically disconnect any internet connections. This will not only help preserve evidence and an access trail for an investigation but also prevent further breaches in the short term.
4. Back up critical data.
While this should have been done already and have been kept up to date, if not and once your machine is disconnected from the internet, create redundancy of critical information such as access and activity logs, customer lists, payment information, and trade secrets.
If you’re not actively working with a cyber professional now to protect your organization, now is the time to start. In fact, the DoD offers free cybersecurity services to the Defense Industrial Base (DIB), in order to help companies meet the latest cyber requirements and keep U.S. networks secure. The best way to deal with a data breach is to take all the necessary steps to reduce the chances of one happening to your organization.
