Cyber threats are growing more serious and complex. Recent reports show the average ransom demanded in attacks has now hit $1 million. The costs to recover can go as high as $1.5 million, and some organizations pay even more to get their data back. Beyond ransom payments, businesses face huge expenses from service disruptions, lost revenue, and regulatory fines. This reality highlights a key point for companies: most ransomware attacks happen because of vulnerabilities. Many organizations are attacked because they lack the right people or skills to defend themselves effectively.

The Scale of a Major Data Breach

One of the biggest data breaches in recent years involved Change Healthcare, a major healthcare tech company in the U.S. In 2024, the company was hit by a cyberattack carried out by the BlackCat hacker group. The attackers stole around 6 terabytes of data, affecting millions of patients, healthcare providers, and insurance companies. Change Healthcare provides vital services like claims processing, authorization, and eligibility checks. When the breach happened, the company had to shut down critical systems to stop the attack. This caused widespread disruptions in patient care, billing, and reimbursements across the country.

The cost of this breach was staggering. The hackers demanded a ransom of $22 million, which Change Healthcare paid. However, the total damage was much higher—over $1 billion in losses from downtime, recovery efforts, and rebuilding. Nearly 190 million Americans were impacted in some way, showing just how damaging these attacks can be. This incident also exposed serious weaknesses in security defenses, especially around threat detection and credential management.

The Root Causes and How to Improve Security

Investigations revealed that the hackers exploited stolen credentials to get into the system. Many of the compromised accounts didn’t have multi-factor authentication (MFA), making it easier for attackers to move laterally within the network and cause chaos. This highlights a common problem: organizations often lack the right tools or skilled staff to prevent, detect, and respond to cyber threats effectively. The landscape is changing fast, especially with the rise of AI, which can help identify threats and respond automatically. Features like ransomware rollback in advanced endpoint detection and response (EDR) tools could have minimized the damage in cases like Change Healthcare’s.

A strong cyber defense needs three key elements: protection, detection, and response. Protection involves implementing controls like MFA, Zero Trust access, and encryption. Detection means spotting unusual activity early, so threats don’t escalate. Response is about quickly isolating and fixing problems before they cause further harm. AI-powered security tools are helping organizations do all three more effectively by learning from vast amounts of data and acting automatically.

The Challenge of Building a Solid Security Team

Creating this kind of comprehensive security in-house isn’t easy. There is a global shortage of skilled cybersecurity professionals—more than 4.7 million jobs are unfilled worldwide. Threats are constantly evolving, and the costs of new technology keep rising. Many companies find it hard to keep up with the pace of change and the complexity of modern threats.

That’s why many organizations turn to specialized security providers, known as MSSPs, for help. These companies bring together advanced tools, expert staff, and proven strategies to defend against cyberattacks. For example, T-Systems is a trusted partner that combines human expertise with automation. Its Security Operations Centers (SOCs) and Managed Detection and Response (MDR) services monitor systems around the clock, using AI analytics and threat intelligence to catch attacks early. This partnership helps CISOs stay ahead of cybercriminals, meet compliance standards, and turn security from a cost into a strategic advantage.

The future of cybersecurity is moving toward more AI integration, but many organizations worry about how to do it securely. Learning about best practices and partnering with experts can make a big difference. Protecting data, detecting threats early, and responding swiftly are the keys to staying safe in today’s dangerous digital world.

Inspired by

• https://www.computerworld.com/article/4085942/when-threats-escalate-cisos-need-to-call-in-the-cavalry.html

Sources

• gmpg.org
• sophos.com
• hyperproof.io
• deepstrike.io
• t-systems.com