What does a security breach really cost?

FBI Director Robert Mueller once said, “There are only two types of companies: those that have been hacked, and those that will be.” Every business, no matter its industry or scale, is a potential target, and unless there is a strong security culture in place, odds are that a breach will occur, causing a loss of information, leakage of critical data or direct financial fraud. We have witnessed organizations across finance, healthcare, governance, retail, transportation, energy and education targeted by cyber-criminals in the last year alone.

Ranging from personal details to business-critical data, a wide variety of information gets targeted in these cyber-crimes. At the same time, attacks such as identity theft, phishing and ransomware aim directly at financial gain, costing individuals and businesses millions every year. A 2018 study by Ponemon and IBM estimated the global average cost of a data breach at over $3.86 million, a stunning 6.4 per cent increase over the previous year. In 2018 alone, 2.7 billion records of data were lost, suggesting 88 records were lost every second. Further, there was a 42% increase in detected ransomware variants between 2017 and 2018.

While some kinds of losses are more tangible than others, there are multiple ways in which a cyber-security breach could cost your business.

  • Data theft and leakage: Information is gold. Customer information, employee data, business-critical data and intellectual property – every form of information is in high demand in cyber-crime. In addition, there is the underestimated cost of discovery dwell time, which gives the malicious party ample opportunity to move laterally and plunder the entire network and its data, setting off a ripple effect that could potentially last years. HBO recently lost 1.5 terabytes of data, including TV show episodes, scripts, manager emails and some actors’ personal information. After a series of information leaks of over 3 billion user accounts in 2013, 500 million accounts in 2014 and 32 million accounts in 2014, Yahoo! had to settle for being bought out by Verizon for $4.5 million instead of $4.8 million.
  • Economic impact: A recent Frost & Sullivan report estimated that a large enterprise in the APAC region can potentially incur losses of over 30 million USD from cybersecurity breaches every year. Across 50 million records were expected to be compromised, leading to a direct financial loss of over $350 million. When Equifax, an American credit card company, was hacked and personal data of customers was leaked, it led to hundreds of employees selling off company stock days before the breach was made public, causing significant financial damage.
  • Cost of breach response: Many nations have stringent regulations with respect to the need for public disclosure of a breach. The recent Dutch Data Protection Authority regulation in the Netherlands received over 20,000 breach notifications within the first year of its introduction. While policies like these improve the cybersecurity quotient of the country, they tend to cost businesses heavily when they fail to report a breach. For example, in Australia, the Notifiable Data Breaches (NDB) scheme introduced early last year required businesses to inform individuals of personal information leaked during a data breach immediately, failing which they could be fined as much as $2.1 million.
  • A decline in productivity: An attack on business process information forces a company to pause its entire business and spend all its resources on fixing the breach. This not only affects its operational productivity but also hampers its innovation and research capabilities, setting back its growth by months. In the F&S report, one in six respondents also reported that their organization has put off digital transformation efforts due to cyber risks. When Sony was attacked in 2011, personal data and banking information of 77 million users was compromised. This forced Sony Entertainment to shut down operations for an entire month before the situation could be managed.
  • Loss of customer trust: Accountability builds businesses, and a cyber-attack could lead to a loss of customer trust and customer security, with instant effect and permanent damage. It has also been found that stakeholder trust erodes incrementally when a company is repeatedly exposed to cyber-attacks. When Marriott’s reservation system was hacked in 2018, it was reported that over 500 million guests’ personal information was leaked. This incident was listed as the biggest data breach in the hospitality industry ever, leading to a loss of customer trust for the Marriott brand.

In any other scenario, when a business suffers a PR disaster, it indirectly benefits its competitor brands. However, cyber-attacks have the potential to destroy entire industries when one company gets compromised. A good example of this is the cryptocurrency industry, which showed immense potential to revolutionize digital transactions. However, when businesses lost over 1.4 billion USD to cyber-hacks in 2018, the entire industry suffered a loss of confidence. Today the industry is met with a lot of speculation by governments and individuals alike, despite fantastic opportunities.

Gartner estimates that by 2020, 60 per cent of enterprise information security budgets will be allocated for rapid detection and response approaches. But allocating budgets for corrective measures alone is not sufficient. It is critical that businesses adopt a culture of security across all their business functions. Security needs to be prioritised at the level of product development itself, and with the involvement of developers, it needs to be built into everyday work ethics.

Entersoft works with global businesses across Fintech, blockchains, IoT and SMAC to safeguard their information, assets and reputation against cyber-crime. We help identify bugs before they are public, fix them instantly, and build a secure environment so that you can focus on innovation and growth.

Speak to our experts to learn how you could secure your business in the digital world. Write to us at info [at] entersoftsecurity [dot] com
