
A recent report from IBM found the average cost of a data breach is now USD $4.45 million; for the healthcare industry, that cost rose to USD $10.93 million.¹ The financial and insurance services industries are not far behind and experienced almost three times the number of data breaches as compared to healthcare. Almost 95 percent of these breaches are financially motivated with organized crime behind 70 percent of them.² The costs do not include regulatory penalties or litigation.
Along with a record growth in data breaches, a remarkable uptick has occurred in the number of data privacy and data security state legislation introduced in the past several years, and the momentum continues to build. In the absence of a federal data privacy act with preemption, businesses need to agilely adapt to this patchwork of federal and state laws and regulations. In addition, we continue to see a steady stream of enforcement actions and class actions focused on data privacy and security. In some cases, a business cannot survive. A recent survey of 5,000 US and European businesses found that nearly one-fifth believed their company could not survive a cyber-attack.³
Our Data Privacy and Cybersecurity team of attorneys is ready to assist with key legal services:
- Data breach notification
- Cybersecurity compliance and litigation risk assessments
- Developing cyber compliance management systems
- Compliance testing
- Defense litigation
For more information, contact:
For further information on federal and state data privacy and security laws, visit our resources for Data Privacy and Security.
[1] Cost of a Data Breach Report 2023, IBM [2] 2024 Data Breach Investigations Report, Verizon [3] Hiscox Cyber Readiness Report 2023
Analysis
2024 Data Privacy & Security Roundup: New Laws, Regulations, Important Dates in 2025
New York Amends Data Breach Notification Requirements
Pennsylvania Amends Data Breach Notification Law
Rhode Island Enacts Haphazard Customer Data Privacy Law
Minnesota Becomes 18th State to Enact Comprehensive Consumer Data Privacy Law
Maryland Enacts Expansive Comprehensive Consumer Data Privacy Law