We tend to use the terms interchangeably, but it’s important to know how to protect your company against both types of cyberattacks.
Cyberattacks were up in 2019—32% of organizations reported more attacks than in the previous year, according to cybersecurity firm Herjavec. Those stats aren’t trending downward anytime soon, either: This chart illustrates how much cybercrime has risen over the past two decades, with breaches and hacks targeting not only small businesses, but also some of the largest tech and media companies in the world. An expanding remote workforce, plus a growing number of places online where we’re sharing sensitive information, means that bad actors (aka hackers, not your friends from theater camp) are having a field day.
Though we often conflate “data breaches” and “hacks,” the two terms have distinct meanings. Below, we break down both kinds of attacks and their financial impacts on data-driven companies so you can stay ahead of the game.
A hack is an intentional attack to gain unauthorized access to a device, server, or another protected IT resource. The purpose of a hack is to compromise the system’s availability, integrity, or confidentiality.
The attackers’ most common tools are stolen or brute-forced credentials, vulnerability exploits, and backdoors. Carried out by a single person or an organized group, hacks can be as simple as a social media account takeover or as complex as a targeted attack on a supply chain.
A data breach is a security incident that results in the confirmed disclosure of sensitive data—such as personally identifiable information (PII), login credentials, or intellectual property—to an unauthorized party. A data breach can be the result of a hack, another type of attack such as malware, or an error such as unintentionally leaving data in an unsecured environment.
The numbers don’t lie, though in this case, we wish they would, just to soften the blow. Cybercrimes cost an estimated $945 billion in 2020 (about 1% of the global gross domestic product), up from $600 billion in 2018. Organizations spent another $145 billion on cybersecurity—bringing the total cost to $1 trillion for the year. The most expensive malicious data breaches are those that are the result of compromised or stolen credentials, costing nearly $1 million more than the average data breach ($3.86 million).
Aside from financial costs, there is much more at stake for companies after a cyberattack, including their reputation. Here are the many ways companies may be impacted: