SME Data Breaches in 2021

Security words as a concept

A data breach is a nightmare for any company, and it’s one that more businesses in more industries are having to face today. About 85% of IT professionals foresee a data breach at their business in the next 12 months.

Cybercriminals are hungry for data that they can sell in the booming dark web data markets for a hefty profit, spawning an unprecedented increase in data-focused cybercrime that’s rocking businesses of every size and it isn’t going to stop anytime soon!

Top 10 SME Data Breach Statistics from 2021

  1. The number of recorded data breaches in 2021 has exceeded the total number of events 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020
  2. More than 60% of breaches result from misused, stolen or purchased credentials
  3. An estimated 85% of data breaches involve a human element.
  4. Phishing is the top threat action that results in a breach
  5. The number of breaches that involve ransomware has doubled
  6. 34% of data breaches involve internal actors
  7. Over 80% of breaches are discovered by external parties.
  8. An estimated 36% of businesses worldwide had a cloud data breach in the past 12 months
  9. 74% of businesses in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months
  10. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020.

The Cost of a Data Breach

In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at £3.1 million per incident, the highest ever recorded in the 17 years of the study.

The cost of a data breach can change significantly depending upon the initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).

The cost of a breach can be impacted by the type of data stolen or leaked, like customer personally identifiable information (Pii) – the most frequently breached and the most expensive at £125 per record.

The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.

Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch, and healthcare at £6.8 million is the industry with the most expensive data breach costs.

Businesses that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days.

Companies supporting a remote or hybrid workforce experienced an increase of up to £750,000 more when a data breach occurred, with the highest rates of £3.5 million in comparison to £2.8 million.

Cloud Data Breaches

The State of Cloud Security 2021” Verizon report asked IT professionals about the circumstances that influence a company’s chance of a possible cloud data breach and these were the factors that they pointed to:

32% say too many APIs and interfaces to govern

31% cite lack of adequate controls and database oversight

27% point to lack of policy awareness around data security

23% blamed old-fashioned negligence

21% said they are not checking Infrastructure as Code (IaC) prior to deployment

20% admitted outright that human factors were at fault

Booming Dark Web Data Markets Drive Data Theft

Most Prevalent Types of Data Stolen in Breaches: 

Credentials: 60%  

Personally Identifying Data (PII): 40%  

Medical Data: 10%  

Bank Data: 10%  

Internal Data: 10%  

Payment Data: 10% 

Is Your Business Protecting Its Valuable Data?

Cybersecurity requires a multi-layered approach to fully protect your business.

Protecting your business Data is a critical priority for any business, not only form a regulatory stance (I.E GDPR, PCI-DSS etc) but also in protecting your customers and employees.

MSnet was founded with a passion to assist businesses from the threat of Cybercrime.

Our Mission is to empower businesses with the knowledge, Training and Services required in safeguarding them from Cybercriminal activity.

If you would like more information please reach out our team on 01489 539700 or use the Contact US button below