The Rising Cost of Data Breaches: How Tech Companies Can Stay Protected
How would a $4.4 million loss affect your company? That’s the average cost of a data breach, according to IBM. Although data breaches have many causes and can affect businesses in any industry, tech companies are particularly vulnerable to recent cyberattacks targeting the technology supply chain. However, major losses aren’t inevitable. With a proactive and adaptive approach, tech companies can control their data breach risks and mitigate losses.
Tech Company Data Breaches
Data breaches involving tech companies can result in hundreds of thousands or even millions of compromised records. For example, PKWARE says 766,000 customers were affected by a data breach involving Motility Software Solutions, caused by malware, while a data breach involving Oracle Cloud compromised approximately 6 million records.
In some attacks, tech companies are a means to an end. A 2025 report from Intel 471 explains that extortion groups are targeting supply chains because it’s more efficient, scalable and profitable than going after individual organizations. By targeting a software provider or other vendor, cybercriminals can bypass cyber defenses and gain access to many downstream victims.
A recent incident involving Salesloft and its customers shows just how serious supply chain cyberattacks can be. According to FINRA, threat actors stole OAuth authentication tokens and then used them to access customer environments. They succeeded in accessing Salesforce, Google Workspace and some Slack integrations and were able to exfiltrate sensitive information. More than 700 organizations were ultimately affected by the attack. The attack targeted weaknesses in the Salesloft Drift chatbot, and it’s believed the attackers may have obtained tokens from previous phishing or social engineering attacks, allowing them to bypass multifactor authentication.
How Tech Companies Can Prevent Data Breach Losses
Data breaches can be extremely costly for tech companies. Beyond the direct expenses associated with investigating an incident, resolving the problem, and notifying those affected, tech companies may also face significant reputational damage and loss of trust. The good news is that robust, multilayered cybersecurity practices can prevent data breaches and mitigate losses.
- Take precautions against non-hacker risks. Not all data breaches stem from cyberattacks. Some are the result of technical issues, such as vulnerabilities in APIs or cloud storage, or human error.
- Consider the human element. Many attacks start with phishing messages, and now that cybercriminals are using AI, these messages can be more targeted and more realistic than ever before. Worker training can help with the identification of phishing messages, but training alone may not be enough. Other security measures, such as flagging external messages and requiring multifactor authentication, provide another layer of protection.
- Continually up your defense. Secure configurations and cyber intrusion detection systems can help tech companies stay secure, but as attacks advance, defense measures need to advance, too. Right now, AI is giving companies a more effective way to monitor for and respond to threats. IBM says companies that use extensive AI in security lose $1.9 million less compared to companies that don’t use extensive AI.
- Keep up with new trends in cyberattacks. It’s important to know what tactics cybercriminals are using now so you can be on guard. For example, hackers have been using email bombing or subscription bombing techniques to flood inboxes with emails, making it easy to hide important messages, such as account change notifications, that could alert the victim to a potential cyber breach.
Proofpoint says subscription bombing can flood inboxes with more than 1,500 emails per hour. If you experience an email bombing attack, it may be hiding a more sinister attack.
- Assess the entire supply chain. Just as a data breach at your company could affect your partners and customers, any data breach involving one of your vendors could affect you. Review your contracts and insurance requirements to determine whether you’re managing your upstream and downstream risks adequately.
- Maintain adequate insurance. For tech companies, both cyber insurance and tech E&O insurance provide critical protection. Review your coverage terms, including your limits, sublimits and exclusions. This will help you determine what coverage you have in place for various types of incidents, including ransomware attacks as well as social engineering attacks and data breaches stemming from human error or technical glitches.
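The email bombing point above can be turned into a mailbox check. The following is an added example, not from the original article or any vendor's product: it flags a period of abnormal inbound volume and pulls out the security notifications that arrived during it. The threshold, the subject patterns and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed subject patterns for alerts an attacker would want buried in the flood.
SECURITY_SUBJECT = re.compile(
    r"password (was )?(changed|reset)|new (sign-in|login|device)|"
    r"(email|phone|payee|mfa).*(added|changed|removed)", re.IGNORECASE)

def find_bursts(messages, threshold=200, window=timedelta(hours=1)):
    """messages: (datetime, sender, subject) tuples in any order.
    threshold is an assumption; set it well above the mailbox's normal hourly volume."""
    msgs = sorted(messages, key=lambda m: m[0])
    recent, intervals = deque(), []
    for ts, _, _ in msgs:
        recent.append(ts)
        while ts - recent[0] > window:      # keep only the trailing hour
            recent.popleft()
        if len(recent) >= threshold:
            if intervals and recent[0] <= intervals[-1][1]:
                intervals[-1][1] = ts       # still the same flood: extend it
            else:
                intervals.append([recent[0], ts])
    bursts = []
    for start, end in intervals:
        inside = [m for m in msgs if start <= m[0] <= end]
        bursts.append({
            "start": start, "end": end, "count": len(inside),
            "distinct_senders": len({m[1] for m in inside}),
            # The messages a responder should read first.
            "buried": [m for m in inside if SECURITY_SUBJECT.search(m[2])],
        })
    return bursts

def sample_inbox():
    """Constructed data: light morning traffic, then a 30-minute flood."""
    day = datetime(2025, 1, 15)
    inbox = [(day.replace(hour=9), "it@example.com", "New sign-in from your laptop"),
             (day.replace(hour=10), "boss@example.com", "Q1 planning")]
    flood = day.replace(hour=14)
    for i in range(300):
        inbox.append((flood + timedelta(seconds=6 * i),
                      f"news@list{i}.example", "Confirm your subscription"))
    inbox.append((flood + timedelta(minutes=12), "alerts@bank.example",
                  "Your password was changed"))
    return inbox

if __name__ == "__main__":
    for b in find_bursts(sample_inbox()):
        print(b["start"], b["end"], b["count"], b["buried"])
```

On the constructed inbox, the morning sign-in notice is left alone because it arrived outside the flood, while the password-change alert that landed in the middle of it is surfaced.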
Do you have sufficient insurance? Heffernan Insurance Brokers provides insurance for technology companies.

