September 18th, 2019 by admin
As time marches on, cyberattacks grow more sophisticated, more malicious, and more widespread. And with advanced cybercriminals finding new ways into organizations, businesses of every size risk being attacked. So, today’s companies need to understand what the consequences will be if, and when, it happens.
The real costs of data breaches can be hard to quantify, but here’s the latest research. Ponemon Institute cites $3.6M as the average cost of a data breach in its 2017 Cost of a Data Breach Study. What’s more, every single record breached costs a company an average of $141.00. For organizations storing and managing sensitive data records numbering in the tens of thousands or more, that’s a lot to lose and a very high price tag. These records could include medical, personal, or financial information, and map to a variety of industries such as healthcare, financial services and insurance, retail, legal, public administration, and more.
However, the costs of a data breach span an enormous range depending on a company’s ability, or lack thereof, to detect when data is being exfiltrated or destroyed, as well as its response once that’s determined. That can mean the difference between thousands of records becoming compromised or merely hundreds, which gives companies with effective detection and response strategies an upper hand once a breach occurs. The faster a breach is detected and secured, the better the result and the quicker the recovery for the business.
Some costs of a breach are quickly evident, such as the detection and escalation costs associated with the salaries and fees of the security teams required to perform investigations and forensics, the costs for public notification via public relations and press announcements, post-data breach response costs related to hiring an incident response team, and any necessary or required communications through phone calls and emails to those who need to know or might be affected. Depending on the circumstances, legal fees and regulatory fines and compliance penalties may become part of the equation too. Are you seeing the numbers add up yet?
Yet tallying the blow to company finances isn’t always clear at first. Business disruption can be hard to quantify. It may involve volatility in stock prices, a spike in the customer churn rate, increased costs to acquire new customers, and of course, severe damage to a company’s reputation and brand equity from which it may never recover. Not to mention myriad opportunity costs, from lost business caused by service disruptions to forgoing existing plans and programs to lead a swift and formidable response to mitigate damages once the breach is detected.
These costs can add up to breathtaking figures. In fact, for a few unlucky and unprepared companies they’ve topped more than $100 million.
Don’t take our word for it. Here are some high-profile data breach examples to jog your memory.
Equifax – (~$600 million): In the largest data breach of 2017, more than 145 million people (half of the U.S. population) had their personal information compromised. Included were names, social security numbers, birth dates, home addresses and, in certain cases, driver’s license numbers. The credit reporting giant has, in part, itself to blame. The breach occurred when cybercriminals exploited a known vulnerability that the company never got around to patching.
Making matters worse, Equifax’s response to the breach was wholly inadequate. In fact, it serves more as a warning of what NOT to do. Equifax failed to notify affected consumers in a timely manner, and then sent them to a new website operated by the company but not under its domain for information on opt-in ID protection services.
Merck – (~$300 million each quarter, potential to reach $1B): German pharmaceutical group Merck was victimized during the summer of 2017 to the tune of more than $300 million in quarterly losses by the NotPetya malware attack. As staggering as that amount is, NotPetya cost FedEx about the same figure in losses, and shipping giant Maersk nearly as much. As it did with these other victims, the insidious malware spread laterally across networks, encrypting machines’ entire hard disks by overwriting their master boot records. The company’s manufacturing processes were affected for months. That meant Merck couldn’t produce its product in bulk, driving soaring opportunity costs.
City of Atlanta – (~$3 million and rising): The costs involved in the recent SamSam ransomware attack on the City of Atlanta’s vulnerable Java-based servers are more in line with what companies typically face. While the city never paid any ransom, it allocated resources to a security solution for emergency incident response services, consulting services for cybersecurity crisis management, as well as public relations, among other expenses.
This attack is indicative of the fact that governments of all sizes are often vulnerable targets of cybercriminals. In Atlanta’s case, beyond the damage to its budget, citizens were unable to use the municipal website for weeks. The Department of Watershed Management couldn’t accept online or telephone payments for water and sewage bills, the Department of Finance no longer issued business licenses through its web page, and the Atlanta Municipal Court had to reschedule hearings and was unable to process ticket payments either online or in person. These are just some of the examples of the damages caused by the breach.
Organizations large and small in every industry are at risk of a major breach. That’s why all companies need a SOC (Security Operations Center) and a security team well-versed in incident response. While that is a realistic proposition for large enterprises, other organizations aren’t so lucky.
Contact ICX today to determine your data breach threat level and let us come up with a strategy to protect your business and customers. Email firstname.lastname@example.org now or call 904-208-2195.
***Special thanks to our partner Arctic Wolf for providing this content. Learn more at https://arcticwolf.com.