We have all heard about data breaches and understand that they are quite damaging, but do we understand how damaging they are? A data breach is defined as “any security incident in which unauthorized parties access sensitive or confidential information, including personal data (Social Security Numbers, bank account numbers, healthcare data) and corporate data (customer records, intellectual property, financial information).” Some other phrases you might hear in place of “data breach” would be “security breach,” “security incident,” “data leakage,” and “privacy violations.” Understanding the impact of a data breach will further reinforce the importance of adequately securing your organization's data.
Damage from being impacted by a data breach
Data breaches are both financially and reputationally damaging. According to IBM, the average cost of a data breach in 2024 was $4.88 million. Some contributing factors to this cost include legal fees, forensic investigations, further investment in cybersecurity remediation requirements, notification requirements, and regulatory penalties. Data breaches can also quickly affect the reputation of your organization. Customers may lose their trust and decide to no longer work with your organization, and publicity of the data breach can negatively impact your chances of gaining new customers and retaining current customers.
How this is relevant to the University of Maryland
Recent research shows that education/research was the most attacked industry in 2024, at ~3,300 attacks per week. The University of Maryland is a well-known and accredited research and education institution, inherently making us a prime target for cyber attacks. The University of Maryland also conducts research with and for various federal agencies, making us even more of a prime target for hackers.
How to decrease the likelihood of falling victim to a data breach
No organization is immune to the risk of a data breach, but there are plenty of ways organizations can prepare and protect themselves from being affected by one. Here are a few recommended steps to decrease the risk of being affected by a data breach:
- Require strong passwords and multi-factor authentication to access your organization's network.
- Implement adequate encryption and firewall policies.
- Store sensitive data in a secured location.
- Regularly monitor your network and user activity.
- Limit data collection to only data that is necessary for your organization's operations.
- Maintain an inventory of where sensitive data is created and stored.
- Limit privileged access to only authorized employees. Regularly review user access permissions.
- Identify and remediate network vulnerabilities.
Security requirements differ depending on the type of organization (e.g., HIPAA Covered Entities and Non-Covered Entities have different regulatory requirements surrounding organizational security), but the need to protect oneself from data breaches remains constant. It is important to actively prepare for the possibility of a data breach affecting your organization. While it may require resources to help protect your organization from the possibility of a data breach, it will cost less than the financial and reputational damage that comes from being impacted by a data breach.