The importance of data security in today’s widely connected business landscape cannot be ignored. This article explores just how much data breaches truly cost and how to prevent them.
With the growing number of compliance obligations and security breaches, many business leaders, like you, wonder about the real costs of cybercrime. Most organizations understand the importance of data security and regulatory compliance, yet fail to protect their sensitive data according to established best practices.
“Companies understand the threats they face from attackers that want to steal or damage their data, but must do a better job of protecting against them if they are to avoid damaging losses. With sensitive data stored so ubiquitously in company infrastructures, the onus is on executives to ensure that it is properly shielded from unauthorized access.”
The NTT Communications 2016 Risk Value Report found that 25% of businesses understand the importance of data security, but still fully expect their company to face a data breach in the future. Now that the average security breach costs $1 million, most organizations can’t afford such an occurrence.
Still, while many businesses claim to understand the importance of data security, just as many tend to take a reactive rather than a proactive approach to the matter. Next we’ll explore the different types of breaches you’ll need to be prepared for, the real costs of a data breach to your business, and how you can take a preventive, comprehensive approach to security.
Types of Data Breaches
To truly appreciate the importance of data security, you’ll need to better understand the threats facing your business. Here are three of the most common types of data breaches and the threats they represent.
Hacking
While often inaccurately portrayed in overly dramatic movie scenes, hacking remains one of the most substantial risks to your data security. Hacking is unauthorized access to private information stored on a computer or network, and it comes in many forms, such as:
- Malware – Malware, or malicious software, is the umbrella term for any program written to compromise a system. Viruses, worms and Trojan horses are all kinds of malware, although many people use "virus" for all of them. Once running, it is typically used to steal, encrypt or destroy sensitive data. It is commonly delivered through links or attachments in unsolicited email.
- Ransomware – A form of malware that deserves its own mention, as it has become one of the greatest threats facing businesses of all sizes. Ransomware encrypts your critical files and holds them hostage until a ransom is paid for the decryption key; paying does not guarantee recovery, which is why tested offline backups are the real defense. The total cost of ransoms in 2017 was over $5 billion.
- Phishing – Phishing also arrives by email, a reminder that your employees need to understand the importance of data security as well. In a phishing attack the attacker impersonates a trusted party (a bank, a vendor, your own IT department) and lures you into entering credentials or other confidential information into a fraudulent website or form.
- Password Attacks – Password attacks are typically carried out by automated tools that try many candidate passwords (brute-force guessing) or previously leaked username/password pairs (credential stuffing) until one is accepted. For this reason every employee must use strong, unique passwords, and logins should be protected with multi-factor authentication and with lockout or rate limiting after repeated failures.
- Denial-of-Service – In a DoS attack, a server or website is flooded with traffic or requests until it can no longer serve legitimate users or crashes outright.
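Password attacks leave a distinctive trail in authentication logs: a burst of failed logins from one source, often against several usernames, sometimes followed by a success. The script below is an added example, not code from the original article, showing detection logic run over constructed sshd-style log lines; the log format, IP addresses, five-failures-per-minute threshold and field names are all assumptions chosen for illustration and should be adapted to your own SSH, VPN or web-application logs.

```python
"""Detect password-guessing (brute-force / credential-stuffing) attempts in
authentication logs.

Added example, not from the original article. The log format, thresholds
and addresses are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (not real data).
# 203.0.113.7 sprays several accounts and finally gets in as root;
# 198.51.100.20 is a user mistyping once; 192.0.2.50 fails slowly.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2024-03-01T10:00:03 sshd[812]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
2024-03-01T10:00:04 sshd[812]: Failed password for root from 203.0.113.7 port 51140 ssh2
2024-03-01T10:00:06 sshd[812]: Failed password for root from 203.0.113.7 port 51151 ssh2
2024-03-01T10:00:07 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 51160 ssh2
2024-03-01T10:00:09 sshd[812]: Accepted password for root from 203.0.113.7 port 51170 ssh2
2024-03-01T10:02:15 sshd[813]: Failed password for alice from 198.51.100.20 port 40001 ssh2
2024-03-01T10:02:40 sshd[813]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2
2024-03-01T10:30:00 sshd[814]: Failed password for bob from 192.0.2.50 port 40010 ssh2
2024-03-01T10:50:00 sshd[814]: Failed password for bob from 192.0.2.50 port 40011 ssh2
2024-03-01T11:10:00 sshd[814]: Failed password for bob from 192.0.2.50 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?P<method>password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_events(text):
    """Turn raw log text into a list of login events; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Return alerts keyed by source IP.

    An IP is flagged when it produces `threshold` or more failed logins inside
    a sliding window of `window_seconds`. Any Accepted login from a flagged IP
    at or after the moment it was flagged is escalated to critical: that is
    the signature of a guess that worked.
    """
    window = timedelta(seconds=window_seconds)
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if not e["ok"]]
        flagged_at = None
        start = 0
        for end in range(len(failures)):
            # Advance the window start until all failures in [start, end] fit.
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged_at = failures[end]["ts"]
                break
        if flagged_at is None:
            continue
        success_after = [e for e in evs if e["ok"] and e["ts"] >= flagged_at]
        alerts[ip] = {
            "failed_attempts": len(failures),
            "users_tried": sorted({e["user"] for e in failures}),
            "severity": "critical" if success_after else "high",
            "compromised_accounts": sorted({e["user"] for e in success_after}),
        }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(ip, alert)
```

With the default threshold only the spraying host is reported, as critical, because its root login succeeded after the burst. The slow, patient failures from 192.0.2.50 only show up if the window is widened (for example three failures in an hour), which is the trade-off a detection engineer tunes between catching low-and-slow guessing and paging on ordinary typos.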
Lost or Stolen Devices
With much of the global workforce now working remotely or on mobile devices, the importance of data security has never been higher. Every employee device is an access point to your network and therefore a threat to your data security.
If such a device is lost or stolen, it gives anyone with malicious intent a way into your critical data. Every device with access to your network should use full-disk encryption and support remote wipe, so that a lost laptop or phone is a hardware loss rather than a data breach.
Accidents and Malicious Insiders
Unfortunately, your own people remain one of the strongest arguments for taking data security seriously. Internal errors commonly result in the accidental loss of sensitive data or its inadvertent exposure via email or social media; a misaddressed message or a public share link is enough. Mandatory training on the importance of data security and on proper security procedures goes a long way toward avoiding these mistakes.
Worse, disgruntled insiders are a very real problem, and in most cases they have the ability to cause significant harm. These are among the hardest cases to defend against, since the insider had legitimate access at some point. Limit each account to the access its role actually requires, and revoke all access promptly, across every system, when an employee leaves.
Know the Financial Costs of a Data Security Breach
As we increase data sharing and mobility, the importance of data security also increases. Attack tools and strategies today are more sophisticated than ever—making it easier to access your data. Cybersecurity incidents are commonplace, and any number of parties can initiate them—cybercriminals, hackers, or malicious employees.
These security incidents can result from hacktivism, poorly built infrastructure, human error, or lack of proper training. According to a 2016 Ponemon Institute study, half of all data breaches are the result of malicious intent or cybercrime, 27% are due to system errors, and 23% result from human error. These breaches cost $236, $213, and $197 per capita (that is, per compromised record), respectively.
As the IBM 11th Annual Cost of Data Breach Study notes, “the average consolidated total cost of a data breach grew from $3.8 million to $4 million, and the average cost incurred for each lost or stolen record containing confidential information increased from $154 to $158. In addition to cost data, the global study puts the likelihood of a material data breach involving 10,000 lost or stolen records in the next 24 months at 26 percent.”
Often Overlooked Costs
The complete financial cost of a data breach is hard to quantify. Direct, tangible costs are the easiest piece of the puzzle, but consider other expenses such as lost future business and reputational damage. Intellectual property loss, downtime, and operational disruption affect the daily activities of an organization and leave it unproductive while systems are rebuilt.
Noncompliance is also a substantial financial factor—breaches often incur attorney’s fees, prosecution, and penalties.
Each data breach accumulates costs related to investigation, response, notifications to regulatory organizations, victim identification, public response, victim outreach, and internal and external communication campaigns. Victims often require compensation, further reinforcing the importance of data security.
According to Darren Gibson, vice president of sales for the payment processor Financial Innovations Group, “If or when a merchant experiences a security breach and is found to be non-compliant with PCI, then they leave themselves open to fines from their acquiring banks. The fines aren’t small either; depending on the circumstances of the hack, a merchant may be forced to pay anywhere from $5,000 to $100,000 for each month they remain non-compliant with the PCI Standards.” Many organizations are blindsided by the fines associated with regulatory settlements.
Take a Proactive Approach
In light of the mounting risks to data security and the expense of a breach, every organization must make risk-aware decisions. The ultimate goal is to mitigate the risks that matter most, since no organization can address every threat or vulnerability.
While you now understand the importance of data security, most businesses do not have the budget to address every single threat to their systems, so a strategic, prioritized approach is essential.
So where does one start?
Start with an incident response plan. The same Ponemon report found that having a dedicated incident response team reduces the per capita cost of a breach by $26. Two further factors:
- Extensive use of encryption, which most regulatory bodies require, reduces costs by $19 per capita.
- Training continues to be a major weakness for companies large and small, yet effective security awareness training measurably reduces the financial impact of a breach.
The importance of data security, in both ownership and planning, cannot be overstated. Know the true financial costs of a breach, both immediate and future. Educate your team about compliance and security to mitigate your risk effectively.