The Problem with Data Breach Fatigue
- Cayley Wetzig, Head of Marketing Communications
Data breach fatigue is a vicious and self-perpetuating cycle. Data breaches – unintentional leaks of sensitive information – have become so common that people are becoming numb to them and growing complacent with cybersecurity. This complacency then makes them more at risk of incidents. However, data breach litigation is on the rise.
The statistics are alarming. In 2021, around 85% of businesses experienced a data breach of some kind, and 40% experienced six or more. And data breaches exposed approximately 15 million data records worldwide, within the third quarter of 2022 alone.
Data Breach Fatigue Reasons
There are unending threats and threat alerts to take note of but when data breach fatigue kicks in, the overall vigilance isn’t keeping up. Cybersecurity practices have become slack, even when comparing pre- to post-pandemic levels. 58% of organizations report more cases of employees ignoring cybersecurity guidelines, along with accidental and improper employee data sharing since the pandemic.
Those figures track with decade-old trends. A high volume of data breaches or alarms saturates the mind with pessimistic news, which contributes to lowered confidence and less motivation  to act. Research into the impact of data breaches found that people respond with acceptance, apathy, and lowered engagement. Many don’t even change their passwords after being notified of a data leak.
That’s bad news. Lowered vigilance inevitably leads to more data breaches and slower detection times. Low employee security awareness is one of the two biggest cybersecurity threats. According to the World Economic Forum, more than 95% of cyber incidents are linked to human error. Plus, apathetic professionals or consumers are slow to detect, report, and contain data breaches. Throughout 2022, it took organizations an average of 277 days to detect and contain a data breach, according to IBM’s Cost of a Data Breach 2022 Report.
Data breach fatigue represents a critical security and organizational threat. Businesses that want to protect their data and maintain cybersecurity must account for this phenomenon.
Make Communication a Top Priority
Communicate, communicate, communicate, and maintain a high degree of cybersecurity awareness. Discussing cybersecurity guidelines, threat activity, and potential data breaches typically feels repetitive. But that’s exactly what needs to happen.
Clear communication is effective at preventing and mitigating cybersecurity incidents, creates habit and prevents data breach fatigue. Ensure that everyone within the organization is up to date and informed. Use language that’s factual and to the point, without relying on technical jargon.
Many people are inured to information leaks and cyber scams. Some completely ignore what’s happening, feeling powerless or ineffective. Others are uncertain of their responsibilities or authority in dealing with a situation. Others are unfamiliar with the resources and don’t know exactly where to turn.
Maintain ongoing dialogue on security protocols, responsibilities, and resources. This includes reminding people of basic steps, such as changing passwords and checking credit stores. It can also be helpful to give customers a step-by-step list of ways in which they can secure themselves and protect their information from fraud.
Don’t Ignore the Threat
Data breaches are damaging enough to impact core business outcomes. One would expect incidents to be taken seriously at all times. And yet, businesses tend to ignore them, especially when experiencing data breach fatigue.
Gaming giant, Electronic Arts (EA), ignored multiple warnings from cybersecurity researchers on critical vulnerabilities. Hackers gained their way in not long after. Target, a global retailer, ignored alerts, that it could have potentially stopped. Nortel Networks was hacked for years, while management failed to respond appropriately. Panera Bread ended up leaking 37 million customer records after ignoring a known security vulnerability for eight months.
Not all companies would ignore an active hack. However, data breach fatigue commonly leads to ignoring ongoing cybersecurity threats, alerts, and alarms. That’s dangerous.
An ignored threat can escalate or re-emerge later on. Insufficient threat response always increases the chances of a successful breach and the potential for criminals to do damage. Organizations that fail to respond appropriately pay heavy costs.
IBM puts the average cost of a data breach at $4.35 million worldwide and $9.44 million in the United States. Those costs include productivity losses, cost of response and recovery, reputational damage, and fines and judgments.
Consumers are aware of their legal privacy rights and beginning to go after businesses that have leaked records or compromised their privacy. Data breach litigation is one of the hottest legal trends. Healthcare provider Banner Health was recently ordered to pay $6,000,000 to victims of a 2016 breach.
Financial and reputational damages can make or break a business. Don’t be negligent with internal, customer, or public data.
Close the Awareness and Skill Gap
Here are the two biggest issues contributing to data breach fatigue and thus, poor cybersecurity: poor employee security awareness and insufficient cyber skills. The CyberEdge Group’s 2022 report specifically noted these as top recurring factors.
There are over 4 million unfilled cyber jobs, leaving many organizations struggling to attract and hire talent. Cybersecurity training took a dip during the pandemic, leaving the workforce sorely uninformed as even more threats emerged.
Did you know that over 50% of employees don’t believe they can compromise their phones by clicking a suspicious link? And 50% believe they should respond to a suspected social engineering email in order to confirm their suspicions!
The situation is dire, but fortunately, it’s fairly easy to mitigate both. Organizations can close the internal cybersecurity knowledge gap with training and advanced assessments to determine current needs. There is high competition for talent, but skilled professionals can be retained with specialized placement services or by retaining ongoing consultants.
Safeguarding Against Data Breach Fatigue
Cyberattacks and data breaches are so common, we’re beginning to grow numb to them- hence “data breach fatigue” has become a term. Disregarding basic security steps as threats increase doesn’t make sense. But that’s just human nature and data breach fatigue in a nutshell.
Never take internal breach fatigue, threat alerts, or incidents lightly. Even minor incidents can lead to sensitive information winding up on the dark web and available to criminals. And the consequences include financial losses, reputational damage, operational disruption, and legal action.
This level of diligence can be difficult for organizations to sustain. Sometimes you need outside help.
ThriveDX helps enterprises fight data breach fatigue with a suite of cybersecurity solutions that protect against the human factor to create end-to-end enterprise protection. Those include employee training, threat detection, and cyber personnel recruitment services.
Please contact us to learn more, or book a personal demo.
Protect Your Organization from Phishing
Explore More Resources
- Article, News
- Article, Blog
- Article, Blog
- Article, Blog
Your Trusted Source for Cyber Education
Sign up for ThriveDX's quarterly newsletter to receive information on the latest cybersecurity trends, expert takes, security news, and free resources.