Why you pay more when brands suffer a data breach

Our newsfeeds are constantly bombarded with stories of yet another data breach. But did you know there is often an invisible cyber tax being passed on to customers, meaning customers pay more every time a big brand gets hacked?

A list of the world's biggest data breaches and hacks contains familiar large enterprises, from Microsoft to Uber. Until recently, many believed the highest cost for users was the inconvenience of resetting passwords on the affected account. But as data breaches continue to rise, an IBM report has revealed that many enterprises are recouping their losses from poor security practices by passing an invisible cyber tax onto their customers.

The cost of a data breach in 2022 is estimated to have increased by 2.6 percent to an all-time high of $4.35 million. But when IBM surveyed 550 organizations that had suffered a data breach in the last twelve months, the survey revealed that 60 percent had passed on the cyberattack costs to customers. This figure is especially concerning because only 17 percent of those surveyed said this was their first breach. With so many repeat data breaches, many are asking why they are not learning from previous attacks and how long they can expect their customers to pay for their incompetence.

Stolen or compromised credentials and phishing attempts predictably remain the usual suspects blamed for data breaches. But cloud misconfiguration is also rising through the ranks and is blamed as the cause of 15% of successful attacks. Although healthcare organizations retain their title for most expensive data breaches for the 12th consecutive year, almost every industry has witnessed a dramatic increase in breaches.

Can zero trust security revolutionize DevSecOps?

The most daunting task for many security teams is identifying and assessing how much data they generate, collect, and process. Only then can they determine the best technologies and methodologies to safeguard the data, manage who can access it, and regularly audit their information security practices.

The good news is that organizations are picking up the pace of deploying a zero trust strategy, rising from 35% in 2021 to 41% in 2022. Data seems to suggest that this is a massive step forward as those without a zero trust approach are currently incurring an average of $1 million more in costs. However, this is just one of the many methodologies enterprises can implement to help reduce the cost of inevitable data breaches.

A combination of AI technology, a DevSecOps approach, encryption, and an incident response (IR) team are the top ways of further decreasing the costs associated with high-profile attacks. For example, security AI can result in organizations paying up to $3.05 million less in costs caused by a data breach while reducing the time to identify and prevent an attack by 74 days. Additionally, maintaining an incident response team and regularly audited IR plans can dramatically reduce costs by $2.66 million.

The cost of doing nothing

Unfortunately, many organizations still think cybersecurity can be somebody else's problem with a cloud subscription and a cyber insurance policy. In addition, instead of investing time in creating a disaster recovery plan, they pass on the costs of a data breach to their customers via an invisible cyber tax. The question with many well-intended taxes, from plastic bags to cyber security, is whether the additional revenue ever goes towards solving the problem.

The most revealing stat from the IBM-sponsored cost of a data breach report is that 83% of businesses have experienced at least one breach in their lifetime. As a result, nobody wants to repeat conversations with customers, clients, and employees about being victims of another breach. In addition, a brand's reputation can take years to recover, which further strengthens the need for a different approach.

Another recent study revealed how consumer attitudes are changing towards brands that suffer high-profile security breaches. For example, 62% of American consumers and 44% of UK shoppers admitted they would immediately cease purchasing anything from a brand for several months following an attack. At the very least, consumers will expect to be compensated, provided with a detailed explanation of what happened and proof that cybersecurity controls have been improved to ensure it does not occur again.

The biggest takeaway is that businesses must adopt a proactive rather than reactive security mindset to fully understand the current cyber security level before a breach occurs. Having the right strategy in place on how to act in the immediate, medium, and long-term in the event of an inevitable attack or breach has already become table stakes.

Although many have suspected this has been common practice, this is the first time we have seen evidence of a hidden cyber tax being passed down to consumers rather than investors. So the big question consumers need to ask is why an attack on the supply chain caused by poor cyber security results in increased prices of the products they buy.

There is nothing new about security breaches, and we can expect our newsfeeds to continue to fill with similar stories throughout the next year and beyond. But will attitudes towards data breaches change significantly with the knowledge that, ultimately, it’s consumers who will be paying the price with compromised data and an invisible cyber tax? The only question that remains is whether you will continue to pay this hidden tax or if you will take your business elsewhere.
