In an alarming turn of events, over 1.7 million therapy logs from American patients were recently exposed online, including sensitive video session content. This incident raises a pressing question: why isn’t more being done to safeguard sensitive data?
The Growing Cost of Data Breaches
Recent statistics paint a dire picture of the consequences stemming from data breaches: In 2024 alone, the global average cost of each individual data breach reached a staggering $4.88 million, a 10% increase over the previous year and the highest total ever recorded. Globally, cybercrime costs are anticipated to grow by 15% per year. It is estimated that these costs will reach $10.5 trillion annually in 2025.
In the UK, fines for GDPR violations can reach up to £17.5 million or 4% of a company’s global turnover, whichever is higher. For American companies, the implications can be equally severe, with states like California enforcing strict privacy regulations that can lead to class action lawsuits and significant penalties.
While companies are investing record amounts in cybersecurity efforts, the threat of data being breached is still increasing. This is often because, even with cybersecurity strategies in place, there are still many risks surrounding conventional methods of communication commonly used by businesses such as emails, and online platforms such as Slack, WhatsApp, and Asana. For example, Gmail and WhatsApp users have recently been urged to ‘Act Now To Stay Safe’ after Meta confirmed a recent WhatsApp hack.
The number of companies affected by ransomware attacks is also increasing. In 2023, 73 percent of companies worldwide paid a ransom to recover data. In 2018 this figure was 49.4 percent, and gradually increased. Studies show that 80% of organizations that were impacted by ransomware decided to pay, despite many having policies against it. This often stems from the pressure to quickly restore operations and protect their reputation. The Veeam Ransomware Trends Report shows that, of the 960 organizations featured in the report, 201 of them (21%) were still unable to recover lost data, even after paying a ransom.
When organizations rely on passwords alone to protect sensitive data, they run a significant risk of data being exposed. A multifaceted approach to cybersecurity is not just preferable but essential for businesses to protect users, and business updates, and protect private information. Advanced cybersecurity efforts also help businesses avoid large fines, penalties, and the loss of users who may lose trust in platforms that are not secure.
Protecting Data
Recent examples of the catastrophic consequences businesses can face due to failing to protect data from online attacks and leaks include:
- In October 2023, personal genomics company 23andMe experienced a data breach where hackers accessed the profile and ethnicity information of approximately 6.9 million users. The compromised data included sensitive personal details. This raised significant privacy concerns. The breach led to a class-action lawsuit alleging negligence and invasion of privacy.
- In September 2022, Australian telecommunications company Optus suffered a cyberattack that compromised the personal data of 2.1 million customers, including identity documents. The breach led to a financial impact of at least $140 million to cover costs such as replacing identity documents, credit monitoring services, and an external review. The incident also resulted in significant reputational damage and customer dissatisfaction.
- In May 2020, Interserve, a UK-based construction and support services company, experienced a cyber attack that compromised the personal data of up to 113,000 employees. The Information Commissioner's Office (ICO) investigated the incident and, in October 2022, imposed a £4.4 million fine on Interserve for failing to implement adequate security measures. Additionally, Interserve reported spending £7 million on professional advisory fees related to the breach, bringing the total financial impact to over £11 million.
These incidents underscore the imminent need for more robust cybersecurity measures and prompt responses to data breaches to mitigate financial losses and protect organizational reputation.
aOK: Innovating Online Security
Fortunately, the tools and technologies to innovate online security exist and are available now, such as the technology made available by aOK. aOK is a secure communications channel for both businesses and users. aOK’s technology provides businesses with advanced security benefits as well as significant financial relief for businesses trying to stay safe online and avoid fines and heightened cybersecurity costs.
aOK, which is already being utilized by global brands to communicate securely, helps businesses add an extra layer of security to communications. Built on privacy-first infrastructure, aOK cannot monitor any communication between its users and does not store any personally identifying information on its servers, which means communications on the platform are both protected and secure.
Find out more about aOK here.
