A data breach happens when someone who shouldn’t have access to information gets it anyway.

That’s it. The rest is just details about how it happened, what was exposed, and what it ends up costing.

The Two Types You’ll See Most

Accidental breaches are often internal. An engineer misconfigures an S3 bucket. A contractor emails a customer list to the wrong address. A database is left open with no authentication. The data leaks not because an attacker was clever, but because a system wasn’t locked down.

Intentional breaches involve an external attacker – or an insider acting deliberately. They get in through a phishing email, an unpatched vulnerability, stolen credentials, or brute force. Once inside, they look for the highest-value data they can find: passwords, payment cards, health records, trade secrets.

What Gets Stolen in a Data Breach

Not all breaches are equal. Here’s what attackers are usually after:

  • Credentials – usernames and passwords, especially reused ones
  • Payment data – card numbers, CVVs, billing addresses
  • Personally identifiable information (PII) – names, dates of birth, SSNs, email addresses
  • Health records – these fetch more on black markets than credit card numbers
  • Intellectual property – source code, proprietary research, internal roadmaps

Data Breach Statistics Worth Knowing

These numbers aren’t meant to scare – they’re meant to size the problem correctly:

  • $4.88 million – average total cost of a data breach globally in 2024, up 10% from the prior year (IBM Cost of a Data Breach Report 2024)
  • 194 days – average time to identify a breach, plus another 64 days to contain it (IBM, 2024)
  • 36% of breaches involved phishing as the initial attack vector (Verizon DBIR 2024)
  • 68% of breaches involved a human element – accidental action, misuse, or social engineering (Verizon DBIR 2024)
  • 2,000+ organizations had records exposed in the 2023 MOVEit breach, which is still generating litigation

The detection gap is the most expensive part. Breaches found within 200 days cost an average of $1.02 million less than those found after 200 days.

The Cost of a Data Breach: Where the Money Goes

When organizations calculate the cost of a data breach, they usually account for four buckets:

  1. Detection and escalation – Forensics, crisis management, IT investigation. This is usually the smallest bucket but the one that determines how big the others get.
  2. Notification – Legal reviews, regulatory notices, call center setup, credit monitoring for affected users. In markets with strict disclosure laws (EU, California, New York), this moves fast and gets expensive.
  3. Post-breach response – Remediation work, system hardening, new tooling, staff retraining. This drags on for months.
  4. Lost business – The cost most companies underestimate. Customers who leave. Deals that don’t close. Revenue that disappears while the company is in damage control mode.

Healthcare breaches cost the most by industry – averaging $9.77 million per incident in 2024 – because the records are high-value and the regulatory penalties are severe.

For the company: mandatory disclosure applies under GDPR (within 72 hours), US state breach notification laws (typically 30–60 days), and sector-specific rules like HIPAA. Failure to notify is often penalized more harshly than the breach itself.

For the people whose data was exposed: phishing attempts using their real information, account takeovers, and identity fraud that can take years to untangle.

The hidden cost is reputation. A company that discloses badly – slowly, vaguely, or after trying to cover it up – loses customer trust faster than the breach itself caused.

Three Questions to Ask About Any Breach

  1. What was the entry point? Credential stuffing, unpatched CVE, insider threat, or misconfiguration – the root cause determines the fix.
  2. How long was the attacker inside? Dwell time matters. An attacker in your environment for three hours is a different problem than one who was there for four months.
  3. Was data exfiltrated or just accessed? Some breaches involve an attacker reading data without copying it. Rare, but the regulatory and legal exposure is different.

Data Leak Prevention: What Actually Works

Data leak prevention (DLP) isn’t a product category – it’s a set of controls. The tools matter less than the decisions behind them.

Reduce the attack surface first. Most breaches happen because data was in places it didn’t need to be. Audit what you’re storing, where it lives, and who can reach it. Delete what you don’t need.

Enforce least privilege access. People should only be able to access data their job requires. Role-based access control (RBAC) is table stakes; review it quarterly, not annually.

Monitor egress, not just ingress. Most DLP tools watch for data going out – large file transfers, email attachments, USB activity. This is where actual exfiltration happens.
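The egress check described above, as an added example that is not part of the original post or of any HyScaler tooling: a small detector run over constructed proxy log lines. The log format, the hostnames, the allowlist and the byte thresholds are all assumptions; in practice they come from your own proxy or flow logs and from what "normal" outbound volume looks like for each team.

```python
"""Egress anomaly detection over constructed proxy log lines (added example)."""
import re
from collections import defaultdict

MiB = 1024 * 1024
SESSION_LIMIT = 100 * MiB   # a single upload this large to an unknown host is worth a look
HOURLY_LIMIT = 500 * MiB    # total outbound bytes per source per hour
# Destinations where bulk uploads are expected (constructed allowlist: mail, file share, backup).
ALLOWLIST = {"mail.corp.example", "files.corp.example", "backup.corp.example"}

# Assumed log line shape: "<iso-timestamp> src=<ip> dst=<host> bytes_out=<n>"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)")

# Constructed sample log: two routine sessions, one large late-night upload pair, one small API call.
SAMPLE_LOG = """\
2024-10-01T09:14:02Z src=10.0.1.15 dst=mail.corp.example bytes_out=120000
2024-10-01T09:20:11Z src=10.0.1.15 dst=files.corp.example bytes_out=2500000
2024-10-01T23:41:55Z src=10.0.1.42 dst=paste-share.invalid bytes_out=734003200
2024-10-01T23:42:30Z src=10.0.1.42 dst=paste-share.invalid bytes_out=120000000
2024-10-02T02:10:00Z src=10.0.1.7 dst=api.partner.invalid bytes_out=800000
this line is malformed and must be skipped
"""


def parse(lines):
    """Turn raw log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"], "bytes": int(m["bytes"])})
    return events


def detect_egress(events):
    """Two rules: big single transfer to a non-allowlisted host, and big hourly total per source."""
    alerts = []
    hourly = defaultdict(int)
    for e in events:
        if e["dst"] not in ALLOWLIST and e["bytes"] >= SESSION_LIMIT:
            alerts.append(("large_transfer", e["src"], e["dst"], e["bytes"]))
        hour = e["ts"][:13]          # "YYYY-MM-DDTHH" bucket
        hourly[(e["src"], hour)] += e["bytes"]
    for (src, hour), total in hourly.items():
        if total >= HOURLY_LIMIT:
            alerts.append(("hourly_volume", src, hour, total))
    return alerts


def run_sample():
    return detect_egress(parse(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The allowlist is the part that matters: without it every backup window fires, with a lazy one the exfiltration host ends up on it. Review it alongside the quarterly access review rather than letting it grow by exception.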

Require MFA everywhere. Stolen credentials are the entry point in a third of all breaches. MFA doesn’t stop everything, but it breaks the simplest attack paths.
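The audit-what-you-store, least-privilege review and MFA points above share one input: who can reach which data, and how. As an added example that is not part of the original post or of HyScaler's own tooling, the script below runs a quarterly-style review over a constructed inventory (the store names, roles, users, dates and the 90-day staleness window are all assumptions) and reports over-broad roles, assignments nobody has used in the review window, and accounts that can reach restricted data without MFA.

```python
"""Quarterly access review over a constructed inventory (added example)."""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed inventory: data stores and their sensitivity. Real input comes from
# your data catalogue and IAM / IdP exports.
DATA_STORES = {
    "customer-pii-db": "restricted",
    "payments-vault": "restricted",
    "marketing-assets": "internal",
    "public-docs": "public",
}

# role -> data stores the role can read ("*" means every store)
ROLE_GRANTS = {
    "support-agent": {"customer-pii-db"},
    "marketing": {"marketing-assets", "public-docs"},
    "legacy-admin": {"*"},
}

STALE_AFTER = timedelta(days=90)   # assumed review window


@dataclass
class Assignment:
    user: str
    role: str
    last_used: date   # last time the user actually exercised this role
    mfa: bool         # MFA enrolled on the account


# Constructed assignments
ASSIGNMENTS = [
    Assignment("alice", "support-agent", date(2024, 9, 30), True),
    Assignment("bob", "support-agent", date(2024, 2, 1), False),
    Assignment("carol", "marketing", date(2024, 9, 28), False),
    Assignment("dave", "legacy-admin", date(2023, 12, 15), True),
]


def reachable_stores(role):
    """Expand a role's grants, resolving the wildcard to every known store."""
    grants = ROLE_GRANTS.get(role, set())
    return set(DATA_STORES) if "*" in grants else set(grants)


def review_access(assignments, today):
    findings = []
    # 1. Over-broad roles: a wildcard grant reaches restricted data regardless of need.
    for role, grants in ROLE_GRANTS.items():
        if "*" in grants:
            findings.append(("overbroad_role", role, "wildcard grant reaches restricted stores"))
    for a in assignments:
        restricted = {s for s in reachable_stores(a.role) if DATA_STORES[s] == "restricted"}
        idle = today - a.last_used
        # 2. Stale: privilege not exercised in the window -> revocation candidate.
        if idle > STALE_AFTER:
            findings.append(("stale_assignment", a.user, f"{a.role} unused for {idle.days} days"))
        # 3. Restricted data reachable with a password alone -> stolen credential is enough.
        if restricted and not a.mfa:
            findings.append(("no_mfa_restricted", a.user, f"reaches {sorted(restricted)} without MFA"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in review_access(ASSIGNMENTS, date(2024, 10, 1)):
        print(f"{kind:20} {subject:14} {detail}")
```

The output is a revocation list, not a report: each stale assignment or wildcard role should turn into a ticket with an owner, which is what makes the quarterly cadence the article recommends sustainable.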

Run tabletop exercises. Organizations that have practiced their breach response contain incidents 54 days faster on average than those that haven’t. Incident response is a skill, not a document.

What To Do If a Data Breach Hits You

  1. Contain first. Kill the compromised accounts, rotate secrets, isolate affected systems. Do not try to investigate while the breach is still active.
  2. Preserve evidence. Don’t wipe logs. You’ll need them for forensics, and regulators will ask.
  3. Notify the right people. Legal, your DPO (if you have one), and affected users – in that order.
  4. Do a proper post-mortem. Not a “lessons learned” slide. A root cause analysis with a concrete remediation timeline.

A data breach isn’t always a sophisticated attack. Most of the time, it’s a basic failure – no MFA, an unpatched dependency, a test database left exposed. The cost of a data breach comes not from the attack itself, but from how long it goes undetected and how poorly the response is managed.

Data leak prevention starts before there’s anything to contain.
