Why the cost of getting hacked is higher than ever

The Colonial Pipeline ransomware hack disrupted the flow of fuel in the US for days.
Image: REUTERS/Kevin Lamarque

The economic pain caused by cyberattacks hit an all-time high during the pandemic, according to an IBM report released today (July 28).

For the past 17 years, software giant IBM and the Ponemon Institute, a cybersecurity research group, have been tracking the average cost a business incurs when it faces a data breach, including lost business, regulatory fines, and the costs involved in rooting the hackers out of the network. Between May 2020 and March 2021, that price tag rose to a record-breaking $4.24 million.

The average cost of a data breach had been relatively stable in the years leading up to the pandemic, hovering around $3.8 million since 2015. But as Covid-19 cemented its grip on the globe last year, the cost of being hacked rose nearly 15%—the highest year-over-year increase in IBM’s dataset.

For hackers, business has been booming during the pandemic. Cyber gangs have capitalized on the chaos and desperation of the past year and a half to perfect the art of ransomware—a type of attack in which hackers lock up a company’s data and demand a fee in exchange for its safe return. Many of these groups operate under the benign neglect of permissive host governments, which have given criminals free rein to expand and professionalize their operations so long as they focus their fire on foreign adversaries.

Healthcare hacks have been one of the biggest contributors to the rising cost of data breaches. The healthcare industry has always been a juicy target for hackers, because it collects a vast amount of deeply personal information—including patients’ health status, financial records, and identity documents—all of which could be used for lucrative ends like identity theft, credit card fraud, or blackmail. But lately, hackers have also been able to use the threat of shutting down hospitals in the midst of a public health crisis to extort them for ransoms.

The white-collar world’s frantic shift to remote work has also left businesses more vulnerable to cyberattacks. Hackers are probing vulnerabilities in IT networks that have been reconfigured on the fly to allow employees to work from home. When cybercriminals found a weakness in remote work setups, IBM reported, the cost of the breach was almost 28% higher on average.