What Is a Data Breach?

A data breach is a cybersecurity incident characterized by unauthorized data access. If private business information is mistakenly emailed to the wrong individual, that’s a data breach. If your work mobile device is stolen and can’t be wiped, that’s a data breach too. If a cyberattacker steals your data – you guessed it: data breach.   

Since data breaches can be caused by mundane errors, you can bet they happen frequently. So let’s take a few minutes to answer the question of what a data breach is, and talk about why breaches matter and how you can prevent them.

TL;DR: A data breach happens when your data is accessed without authorization. Thank goodness there are relatively easy ways to prevent this!

What Is a Data Breach?

In general, there are two types of data breaches: 

  • “Oops” data breaches happen when you or your staff make an unfortunate mistake, such as linking a confidential client PDF to your website instead of the eBook PDF you intended to link. 
  • “F***!” data breaches happen when you open your computer at 9:00 AM and your background image has been replaced by a message stating that your data has been encrypted and you have 72 hours to pay to get it back (ransomware). 

In either case, the steps for managing a data breach depend on the type of data that is stolen. If Personally Identifiable Information (PII) like Social Security Numbers, birthdates, or other private information is accessed, along with a corresponding name, you’re required to follow a complex data breach notification process.

Because of the extreme amount of sensitive data collected and held by hospitals and banks, a healthcare data breach and a financial data breach are going to be some of the most complex breaches to respond to. 

Why Do Data Breaches Matter? 

“Oops” data breaches may be relatively quick and easy to handle. “F***!” data breaches typically require an extraordinary amount of time and effort to fix. They’re extremely costly too. 

According to the Cost of a Data Breach Report 2021 published by the cybersecurity experts at Ponemon Institute and IBM Security, the average impact of a data breach includes:

  • Detection and escalation costs – identifying the breach, assessing its severity, and coming up with an action plan. The Cost of a Data Breach Report states that it takes an average of 287 days to identify and contain a breach.
  • Notification costs – calling in lawyers, regulatory agencies, and the FBI; informing breached people (if PII is exposed). Each exposed record containing PII costs an average of $180. If only 100 records are exposed, you’re paying an average of $18k for just one data breach. 
  • Downtime costs – time it takes to recover the data and repair the issue. More than one-third (38%) of the costs of a data breach arise directly from the impact of business loss. Plus there are the lost opportunity costs that come from a damaged reputation.
  • Post-breach response costs – customer service calls, legal fees, regulatory fines, and implementing better cybersecurity policies and technologies after the fact.

How to Prevent a Data Breach

The first step to preventing a data breach is to make sure all your employees can clearly answer the question, “what is a data breach?” Since your employees will always be your last line of defense against a cyberattack, they must be able to clearly identify a dangerous situation and understand when they’ve stumbled into an “oops” type of data breach. 

Cybersecurity tech is the other top way to prevent a data breach. 

Since the start of the pandemic lockdowns, we here at Interplay have been pushing the idea of Zero Trust security for remote workers. To put it very simply, Zero Trust is a cybersecurity method in which your company assumes all access points are compromised and therefore fully authenticates all devices before granting data access.  

According to the Cost of a Data Breach Report, companies that used a mature Zero Trust strategy experienced an average reduction of $1.76 million in costs for their breaches – so, although it takes a little bit of time to set up, Zero Trust definitely pays off. 

The other extremely important data breach prevention method is phishing awareness training for your employees. Phishing awareness training helps your staff understand what a phishing attempt looks like and uses repeated testing to help them better ID red flags and avoid falling victim to an attack. 

Again, the Cost of a Data Breach Report offers compelling evidence in support of phishing awareness programs: in 2021, 20% of data breaches were initially caused by compromised credentials – which are usually collected through successful phishing attacks. 

Other important tactics include:

Get Help Preventing a Data Breach

For 20 years, the friendly and knowledgeable team at Interplay in Seattle has helped business leaders across a range of industries get more out of their tech, stress free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.