What Is a Data Breach? (+Cost, Causes, and Protection Methods)

August 9, 2019

It may seem scary to think about, but hackers are always finding new ways to access our personal data.

It doesn’t matter who you are, where you live, or what industry you work in: a data breach can be just around the corner. Because of this, it’s more important than ever to take cyber security practices seriously so that we don’t fall victim to a breach.

The first step you can take in protecting yourself against hackers and those with malicious intent is to learn more about data breaches. There’s no time to waste, so let’s get started.

Need to know something specific about data breaches? Jump ahead to:

Cost of a data breach
Causes of a data breach
How to protect yourself from a data breach

Data breach 101

Before we can go into too much detail about the ins and outs of a data breach, let’s first define exactly what it is.

We’ve been hearing the phrase a lot in the news lately, as it seems we can’t go more than a few weeks without another high-profile company missing the mark on their data security efforts only to experience a breach in security.

Biggest Data Breaches to Date

No matter your industry or country, businesses are attacked by hackers and data thieves daily. Cyber threats will only grow more severe as time goes on, so it’s in your best interest to fully understand the cost of data breaches, their causes, and how to protect your data.

Cost of a data breach

Regardless of the industry, a data breach will cost you a pretty penny. In fact, a study conducted by Ponemon Institute cited the cost to be $160 per stolen record or $4 million for the average breach.

Why are data breaches so costly? Typically it’s because the damage from the breach isn’t limited to just one aspect of the company. A malicious act, like stolen data, can create liabilities in a multitude of areas.

Legal costs

If your company has experienced a data breach, it’s only a matter of time until you’re going to have to handle legal settlements. In recent years, when companies like Target, Home Depot, and Neiman Marcus experienced a data breach, they ended up needing to pay tens of millions of dollars in class action suits and settlements with banks.

Between individual lawsuits, private settlements, and the cost of hiring attorneys, your company’s legal costs could be much higher than you’d expect.

Loss of business

While the cost of a company’s payout for lawsuits and government fines may be what you see in headlines, the true cost of a data breach is what goes on behind the scenes.

Many components go into the loss of your business, including customer turnover, system downtime, and business disruption. The bad publicity and loss of customer trust can hurt company sales for years to come. While large companies that are household names may be able to survive a couple of bad years, smaller businesses can be forced out of their market by a data breach.

Cost by industry

Certain industries need to be more vigilant in their preparation efforts for a data breach. For instance, a data breach within the healthcare sector is bound to cause more financial damage than in other sectors. In fact, healthcare leads all industries in the cost of a data breach.

Average Cost per Record of a Data Breach by Industry

The average cost per stolen record in the healthcare industry is $355, while the overall average is $158.

Cost by country

Another important factor to consider with the cost of a data breach is the country in which it happens. It should be no surprise that the United States leads in average cost at $7.19 million, considering it’s also the country where the most data breaches occur.

Average Cost of a Data Breach by Country

Causes of a data breach

When you know what can potentially cause a data breach, you’re one step closer to preventing one and further safeguarding private information. Data breaches can occur for several different reasons, including by accident, but targeted attacks are most common. Let’s break down some of the most common causes of a breach in data.

Stolen credentials

A weak, stolen, or lost password is one of the easiest ways a hacker can begin a data breach. This type of vulnerability is often exploited, especially if the password contains whole words or phrases. Data security experts know the importance of creating a strong password that is both unique and complex to avoid a data breach.

Application vulnerabilities

Hackers are often able to exploit software applications that are poorly written, or network systems that are poorly designed or implemented. These vulnerabilities leave holes that hackers can use to go directly to the source of the data.


Malware

Malicious software, also known as malware, is not only a problem for personal computers but also entire company systems. Hackers use malware to cause a data breach by making minor modifications to existing malware programs, making them unrecognizable to antivirus software.

Hackers create and use malware for two main reasons: money and the desire to wreak the most havoc. Common types of malware include viruses, worms, trojans, adware, spyware, ransomware, and bots.

Social engineering

Another cause of a data breach is social engineering, in which a hacker persuades someone with a legitimate claim over data to simply hand it over. A hacker will select their victim, spend time researching them, then use what they discover to build and develop a relationship with that person. Then, they exploit that relationship for their own malicious benefit.

Hackers who specialize in social engineering are professionals at manipulating human feelings, like curiosity and fear, to carry out cyber attacks. They can use psychological manipulation to trick others into making security mistakes or giving up their sensitive and personal information. Common types include baiting, phishing, vishing, scareware, and pretexting.

Insider threats

All it takes is one rogue employee or disgruntled contractor to be the cause of a data breach. This is called an insider threat, which is a breach of security that begins from within an organization. These threats usually happen through a current or former employee who has inside information regarding security practices, data, and computer systems.

Insider threats cause a data breach when the person who has authorized access misuses it to negatively impact the organization’s critical information or systems.

Physical theft of a device

Last but certainly not least is the actual theft of a device that holds sensitive information about your company or your clients. This includes devices like a laptop, desktop, smartphone, tablet, or even servers.

How severe the data breach will be in this situation depends on the information stored on the device. This kind of threat is also difficult to predict, and the only real preventative measure you can take is increasing your awareness of your devices’ locations at all times.

TIP: Endpoint protection can secure sensitive data that's at risk of being stolen in the case of a physical theft of your device.

Protect yourself from a data breach

To ensure a data breach doesn’t happen to you, there are certain steps you can take to protect yourself and your personal information.

  • Use strong passwords
  • Monitor your bank and other financial accounts
  • Only use websites supported by an SSL certificate
  • Back up your files
  • Secure your phone
  • Eliminate all instances of shadow IT
  • Utilize high-quality security software
  • Don’t overshare on social media
  • Use identity theft protection

You could be next

Okay, I’ll quit it with the dramatics. But unfortunately, the truth is that no one’s data is safe from a potential breach. If it could happen to top-tier companies within their respective industries, it can happen to you. The best thing you can do is arm yourself with knowledge about data breaches so you can take the necessary steps to safeguard your data.