As 2025 approaches, it is crucial to review the advancements made and the obstacles encountered in cybersecurity during the past year. Despite significant progress in security technologies and heightened awareness of emerging cybersecurity risks, 2024 served as a stern reminder that the battle against cyber criminals persists.
We’ve compiled the top five data breach incidents and industry trends of the past year, each offering valuable insights for organizations heading into the upcoming year.
Countless US residents have private data exposed
In a massive personal data breach on April 8, 2024, nearly 3 billion American citizens had their information divulged on the dark web. Even more alarming was the fact that all this data originated from just one source — National Public Data, a service specializing in background checks and fraud prevention based in Coral Springs, Florida.
The stolen data encompassed names, social security numbers, residential addresses, and familial relations, and it was put up for sale on the dark web for $3.5 million. Many victims remained unaware of the breach for several months, resulting in numerous class action lawsuits from twelve U.S. states. National Public Data has since filed for bankruptcy.
Top 48 energy companies impacted by third-party breaches
A report by SecurityScorecard uncovered that 90% of the leading energy firms worldwide suffered data breaches stemming from third-party vulnerabilities. Many of these attacks were a direct consequence of the growing reliance on cloud services and third-party integrations in managing networked systems.
It was confirmed that the MOVEit vulnerability contributed significantly to the 264 individual breaches linked to third-party compromises. Given the vital role of critical infrastructure organizations in safeguarding public well-being, such breaches continue to pose a threat to public safety. Consequently, the energy sector has introduced stringent vendor assessments, continuous system and threat monitoring solutions, and more secure data transfer protocols.
Financial institutions confronted with record-high data breach expenses post-pandemic
According to the IBM Cost of a Data Breach 2024 report, the financial sector witnessed a surge in data breach costs post-pandemic, averaging $6.08 million per incident. While various attack vectors contribute to this spike, IT failures and human errors play a substantial role in the problem.
While some enhancements have been made in threat detection and containment timelines, many financial institutions still face an uphill battle. Large-scale breaches in financial services are now expected to incur damages amounting to hundreds of millions of dollars, prompting organizations to invest more in robust identity and access management (IAM) solutions, AI-driven security measures, and dedicated incident response teams.
Annual data breach costs rise by 10%
The global average cost of data breaches witnessed a 10% year-on-year increase from 2023 to 2024, reaching a concerning $4.88 million. This average cost is influenced by multiple factors such as lost revenues, recovery expenditures, and regulatory fines.
Complicating this persistent trend, 40% of recorded breaches now involve data distributed across various public and cloud environments alongside on-premises systems. Resolving these extensive digital footprints incurs average recovery costs exceeding $5 million with a containment timeline averaging 283 days. Encouragingly, organizations leveraging AI-driven security workflows are experiencing significantly lower costs per breach at $2.2 million on average, indicating a positive trajectory in next-gen security strategies.
Half of data breaches attributable to staff shortages in security
The cybersecurity skills gap widened in recent years, with 50% of organizations that reported data breaches attributing them to insufficient staffing. The shortage spans critical areas like cloud security, incident response, data analysis, and compliance expertise. Additionally, organizations increasingly require proficiency in security information and event management (SIEM) tools and active threat hunting.
To address the key personnel deficit, organizations are advised to focus on upskilling their current workforce. Modern businesses can also leverage essential soft skills like effective communication and adaptability to bolster their security teams.
Transitioning into 2025
The past year underscored that while contemporary cybersecurity tools and solutions enhance protection against a broader spectrum of threats, few industries and entities remain impervious to the ever-evolving landscape of cybercrime.
As we approach 2025, enterprises should prioritize a proactive approach to cybersecurity planning. This involves fine-tuning access restriction policies for in-house and remote teams, addressing critical staffing shortages, and fostering a stronger culture of security awareness within the organization.