
Havoc-wreaking cybersecurity breaches — too often resulting in Herculean class action claims and settlements — are becoming a norm.
That’s an undeniable, pump-the-brakes problem, full stop.
On average, businesses are paying out millions of dollars at a minimum as bad actors continue to carry out their sieges; in recent years, the implications have been written more boldly on the wall, so to speak. According to the Harvard Law School Forum on Corporate Governance, “the first, second, and sixth largest data breach-related class action settlements of all time” literally took place this year (and it’s not even November yet). Cybercriminals are clearly becoming increasingly brazen with (and adept at) exploiting vulnerabilities, targeting high-value personally identifiable information (PII), financial data, intellectual property and frankly too much more.
This is serious, readers.
And the handling of a breach isn’t even where the challenges end; we’re basically at a point where execs can access myriad boilerplate-type internal and public-facing responses to scary-yet-now-commonplace data breaches, and that shouldn’t have become normalized. The complex interplay of hefty regulatory fines, legal settlements, long-lasting brand/reputational damage, and other disruptions spins a dangerous cycle wherein what one might consider “thorough professional clean-up” of an instance is no longer close to enough. Per IBM, the global average cost of a data breach increased 10% in 2024, “the biggest jump since the pandemic,” with post-breach support and remediation driving this cost spike.
Furthermore, the bandwidth of incident response and public relations teams is being stretched thin as breaches’ root causes are investigated and substantial impacts mitigated. And while regulators are already serious about cybersecurity crackdowns that will ideally lessen future blows (e.g., in cases like Meta’s, Amazon’s or Equifax’s latest fines of $1.3 billion, $877 million and $575 million, respectively), there are still thousands and thousands of other affected businesses in the grand scheme of things that can’t nearly afford such stacked-up penalties. Recent IBM data puts the average cost of a breach at $4.88 million, with the average in the U.S. nearly double that at $9.36 million.
To this end, Erik Linask, our Group Editorial Director, recently mentioned how “While not every breach comes with a $100 million price tag, even a settlement of a few million dollars, or simply the loss of clients, reputation and business opportunity, can have absolutely massive impacts on smaller businesses. Many may even end up shutting down as a result. That’s a terrible prospect and it underscores the value of working closely with MSPs to ensure they have a resilient cybersecurity strategy in place.”
So, what specifically can be done?
Well, here are just a few recommendations to help reduce the cost and overall damage of a data breach, again courtesy of IBM:
- Know your information landscape. Most orgs distribute data across multiple environments (including on-prem data repositories, and both private and public clouds), but incomplete or out-of-date data inventories inherently delay efforts to discover what confidential data has been breached. Security teams should ensure they have comprehensive visibility into all these environments; that way, they can continuously monitor and protect data regardless of where it resides.
- Strengthen your prevention strategies with security-first approaches. (This goes doubly for those involving AI and automation.) As IBM states, “the adoption of generative AI models and third-party apps, as well as the ongoing use of Internet of Things devices and SaaS applications, are expanding attack surfaces and putting greater pressure on security teams.” Thus, proactively securing data and implementing responsible, transparent AI-focused strategies in tandem is a must.
- Level up your cyber response training. How businesses react and communicate during and after a breach — with business leadership, regulators and customers — matters more than ever. And so, to enhance their abilities to handle high-impact breaches, teams can “build up their muscle memory,” states IBM, “by participating in cyber range crisis simulation exercises.” Orgs are also encouraged to draft and invest in highly actionable response plans and then actually test them, rather than wait for something to go wrong. Data engineers can assist in preparedness, and rehearsed responses can help minimize breach craters, reduce stress, and support operational continuity.
As mentioned, these are but a few lenses through which businesses can refocus their strategies. Cybersecurity is, by every stretch of logic, a bona fide strategic imperative in today’s world. Investing in robust security measures and developing comprehensive plans are vital, but there’s always more to be done.
Read here for more IBM info on breach statistics and responses.
Edited by
Greg Tavarez