Clif Boyer - Dec 07, 2023

How to Mitigate the Risks and High Costs of Data Breaches. Part 3


This is the final installment of a multi-part series on the actual costs of data breaches and possible solutions that can be leveraged to protect your organization's data and bottom line. Read Part 1 and Part 2.

The Cost of Implementing SCA using FIDO™ for One Million Customers with StrongKey's FIDO Certified© Open Source FIDO Server

Implementing FIDO™ with StrongKey is not only cost-effective; StrongKey also offers the only FIDO Certified© Open-Source FIDO™ Server in the world. With just a two-node cluster, organizations can manage millions of FIDO™ authentication keys effortlessly. Best of all, there are no hidden per-transaction fees, so operations can scale without any additional costs.

To provide FIDO™ to one million customers, the solution would include two enterprise servers (to ensure high availability and disaster recovery) equipped with a FIPS 140-2 Level 2 certified Trusted Platform Module or a Level 3 certified Hardware Security Module (HSM). Bundled with these are smaller-footprint servers for development and support contracts that fit your specific organizational requirements.

According to IBM's Cost of Data Breach Report 2023, the average data breach cost in 2023 was $4.25 million. The cost of the StrongKey solution described above would be under $100k -- or just 0.023% of the average cost of a data breach. 

Small Investment vs. Breach Costs and Fines

While the average data breach cost in 2023 was $4.25 million, the actual cost varies with several factors. For example, there are differences between industries: the average breach cost in healthcare tops out at $9.23 million and the lowest cost is in the public sector at $1.93 million. The highest industry segment costs after healthcare are financial services ($5.72 million), pharmaceuticals ($5.04 million), technology ($4.88 million) and energy ($4.65 million).

One variable that on average increases the cost of a breach is the remote working model, which surged during the pandemic. Organizations with a home-based workforce have an average breach cost $1.07 million higher than their office-only counterparts. In addition to the greater cost, it takes longer to contain a breach when staff are working remotely.

In light of such staggering costs, it's natural to assume that it could never happen to your organization. But what if the cost of a breach was broken down by other factors? How about the kind of data most often attacked? In 2021 it was customer personally identifiable information (PII), at an average cost of $180 per record. How many PII records is your organization responsible for at this moment? If a company has only 10,000 records breached, that is still a cost of $1.8 million. With any breach, lost business accounts for 38% of the overall average costs, with a global average of $1.52 million. Lost business includes customer turnover, any lost revenue related to system downtime, and the cost of acquiring new business due to a damaged reputation.

FIDO Makes Passwordless Strong Customer Authentication Easier for Customers

One important breach variable related to the use of FIDO™ is the attack vector. The most common is compromised credentials (responsible for 20% of all breaches), with an average data breach cost of $5.01 million. This is followed by phishing, at $4.65 million. FIDO™ authentication prevents compromised credentials and phishing attacks by using cryptographic keys and challenges to verify a legitimate user's request for access. Users prove their identity through their own device or biometric authentication. If the public key and user's key don't match, authentication is denied, preventing phishing or compromised credentials. Attackers can't manipulate the private key on the user's device or the public key needed for authentication.
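The challenge-and-key verification described above, shown as an added example that is not from the original article or from StrongKey's server. It uses Node.js's built-in crypto module with a simplified message layout rather than the real WebAuthn format; the user name, origins and function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto'); // added example: simplified, not the WebAuthn wire format
const RP_ORIGIN = 'https://login.example.test'; // constructed relying-party origin
// Authenticator: the private key is created on the device and never exported.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only key material the server ever receives
    sign(challenge, origin) { // sign the challenge together with the origin the browser saw
      const clientData = JSON.stringify({ challenge, origin });
      return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), privateKey) };
    },
  };
}
// Server: stores public keys only and issues single-use random challenges.
function createServer() {
  const registered = new Map(); // userId -> public key
  const pending = new Map(); // userId -> outstanding challenge (hex)
  return {
    register(userId, publicKey) { registered.set(userId, publicKey); },
    issueChallenge(userId) {
      const challenge = crypto.randomBytes(32).toString('hex');
      pending.set(userId, challenge);
      return challenge;
    },
    verify(userId, { clientData, signature }) {
      const expected = pending.get(userId);
      const publicKey = registered.get(userId);
      pending.delete(userId); // each challenge is good for one attempt
      if (!expected || !publicKey) return 'rejected: no pending challenge';
      if (!crypto.verify('sha256', Buffer.from(clientData), publicKey, signature)) return 'rejected: bad signature';
      const { challenge, origin } = JSON.parse(clientData);
      if (challenge !== expected) return 'rejected: stale challenge';
      return origin === RP_ORIGIN ? 'ok' : 'rejected: wrong origin';
    },
  };
}
// Constructed scenarios: one genuine login and three attempts the server must refuse.
function runScenarios() {
  const server = createServer();
  const device = createAuthenticator();
  server.register('alice', device.publicKey);
  const genuine = device.sign(server.issueChallenge('alice'), RP_ORIGIN);
  const results = { genuine: server.verify('alice', genuine) };
  server.issueChallenge('alice'); // new login attempt; the captured response is replayed
  results.replay = server.verify('alice', genuine);
  results.wrongKey = server.verify('alice', createAuthenticator().sign(server.issueChallenge('alice'), RP_ORIGIN));
  results.lookalike = server.verify('alice', device.sign(server.issueChallenge('alice'), 'https://login.example.invalid'));
  return results;
}
```

Because the server holds only public keys, a copy of its credential store contains nothing that can produce a valid signature, and a response signed for a different origin or an earlier challenge is refused.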

The true cost of any data breach to a business or organization is going to be high, and the figures above were determined by an accounting method called activity-based costing. IBM identified four process-related activities that are generated from a breach: detection and escalation; notification; lost business; and post-breach response. It is difficult to deny that everyone is vulnerable to some kind of cyber attack regardless of the form it takes. But perhaps the best way to mitigate the cost of any breach is to be proactive and take action prior to being attacked by investing in solutions that do not leave your employees, clients, and data open to being compromised. And part of any solution should focus on the kind of Strong Authentication that FIDO™ can provide while reducing user friction.

About StrongKey

StrongKey is the leading provider of open-source strong authentication and data protection solutions. Founded in 2001, StrongKey helps FinTech, enterprise, pharmaceutical, manufacturing, and e-commerce companies protect their data. The StrongKey Tellaro is a comprehensive solution that delivers passwordless FIDO™ strong authentication, encryption, tokenization, and key management (including X.509 digital certificates). Unlike other security solutions, StrongKey provides its solutions with open-source licensing, thereby eliminating transaction or per-user fees and making it one of the most cost-effective security solutions in the world. StrongKey Tellaro appliances use FIPS 140-2 Level 2 (standard) and Level 3 (optional) validated cryptographic hardware modules to secure the generation, use, and storage of cryptographic keys to comply with U.S. Federal regulations.

To learn more about StrongKey and our solutions, email us at getsecure@strongkey.com.