Risk Management · January 19, 2024

Are Data Security Breaches a Risk for Your Business?

When large swaths of sensitive data fall into the hands of criminals, it doesn't always make the news. In fact, data security breaches are far more common than many people realize, and businesses of all sizes are at risk.

According to Verizon's 2023 Data Breach Investigations Report, 58% of data security breaches in 2022 targeted businesses with fewer than 1,000 employees. The cost of a data breach can be immense, and the impact can be far-reaching—underscoring the importance of preventative measures.


The cost of a data breach

Data security breaches are costly for businesses and consumers alike. In the US, the average cost of a data breach surged to $9.48 million in 2023, according to IBM's Cost of a Data Breach report. Organizations with fewer than 500 employees shelled out an average of $3.31 million per data breach.

Impact of a data breach on companies

When a data breach occurs, the affected company must immediately take steps to secure its systems, divert resources to data recovery efforts, file reports with local or national law enforcement, investigate the incident and communicate the news to customers. The associated expenses—which often include legal support, forensics, data recovery assistance and public relations support—can be extensive.

Impact of a data breach on individuals

Data breaches often leave customers vulnerable to fraud for years afterward. Criminals may sell customer data on the dark web or use stolen customer information to commit point-of-sale or e-commerce payment fraud. Particularly sensitive information, like Social Security numbers, may be used to open new lines of credit. And because 52% of individuals reuse the same passwords across multiple sites, exposed passwords are often used to access more sensitive information, like bank accounts.

How to prevent data breaches

When it comes to protecting your business from data breaches, proactive planning is an essential first step for businesses of all sizes. The process of creating a cybersecurity plan may help you identify vulnerabilities, establish protective measures and create clear guidelines for your employees to follow.

In addition to maintaining a robust cybersecurity plan, businesses should consider the following recommendations.

Keep track of sensitive data and limit access

Company data is often shared and accessed across multiple locations, including the cloud. While convenient, this can lead to improperly tracking or mismanaging sensitive information. According to IBM, 82% of data breaches targeted data stored in the cloud, and 39% targeted data stored in multiple environments.

Knowing where data is stored and adding security measures—such as strong encryption and rules about who can access certain data—may help businesses better protect their sensitive information.

Employ threat detection and response tools

Cybercriminals look to exploit any vulnerability in a business's system. Having threat detection and response tools in place can help companies better monitor their systems and data for compromises or potential cyberattacks. Some security tools use artificial intelligence to analyze behavior patterns, identify suspicious activity and take preprogrammed actions to help prevent a costly attack.

Train employees to be vigilant

Even the best cybersecurity tools and software can fail if an employee unintentionally falls victim to a phishing attempt or another form of attack. That's why ongoing cybersecurity awareness training is critical. Cyberattacks often start as seemingly legitimate emails that appear to be from known contacts or familiar institutions.

By investing in ongoing training and promoting a culture of cybersecurity awareness, you can ensure your employees are well-equipped to help identify potential threats when they arise.

Create backups

Be sure to have data backups in place and keep them up to date. This way, you'll be able to restore your data if it's stolen or compromised. As a best practice, you should keep data backups in a separate, off-site physical location.

Consider cybersecurity insurance

Given the steep cost of security breaches and other cyberattacks, businesses of all sizes have started to evaluate the benefits of cybersecurity insurance. Many cyber insurance policies will cover the most significant costs associated with an attack, including data recovery, legal claims and system forensics.

The bottom line

Data breaches are targeted at businesses of all sizes and industries, and the costs associated with these and other cyberattacks can be immense. Understanding the risks and taking proactive measures to defend your data is crucial, and taking the time to create a robust cybersecurity plan is an important first step. In the long run, it's easier and more cost-effective to prevent a data breach than to recover from one.

Insurance products are not insured by the FDIC or any federal government agency and are not a deposit or other obligation of, or guaranteed by, any bank or bank affiliate.

This material is for informational purposes only and is not intended to be an offer, specific investment strategy, recommendation or solicitation to purchase or sell any security or insurance product, and should not be construed as legal, tax or accounting advice. Please consult with your legal or tax advisor regarding the particular facts and circumstances of your situation prior to making any financial decision. While we believe that the information presented is from reliable sources, we do not represent, warrant or guarantee that it is accurate or complete.

Third parties mentioned are not affiliated with First-Citizens Bank & Trust Company.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.

First Citizens Bank is a Member FDIC and an Equal Housing Lender icon: sys-ehl.

NMLSR ID 503941