The importance of data security in today’s widely connected business landscape cannot be ignored. This article explores just how much data breaches truly cost and how to prevent them.
With an increase in threats to compliance and the growing number of security breaches, many business leaders, like you, wonder about the real costs of cybercrime. Most organizations understand the importance of data security and regulatory compliance but are unable to protect their sensitive data based on best practices.
“Companies understand the threats they face from attackers that want to steal or damage their data but must do a better job of protecting against them if they are to avoid damaging losses. With sensitive data stored so ubiquitously in company infrastructures, the onus is on executives to ensure that it is properly shielded from unauthorized access,” reads an excerpt from the NTT Communications Risk Value Report.
The NTT Communications Risk Value Report found that 25 percent of businesses understand the importance of data security but still fully expect their company to face a data breach in the future. With the average cost of a data breach in the U.S. now at $8.19 million according to The Ponemon Institute, businesses cannot afford to suffer one. The United States currently has the highest average breach cost in the world.
Still, while many businesses claim to understand the importance of data security, just as many tend to take a reactive rather than a proactive approach to the matter. Next, we will explore the different types of breaches you will need to be prepared for, the real costs of a data breach to your business, and how you can take a preventive, comprehensive approach to security.
Types of Data Breaches
To truly appreciate the importance of data security, you will need to better understand the threats facing your business. Here are three of the most common types of data breaches and the threats they represent.
Hacking
While often inaccurately portrayed in overly dramatic movie scenes, hacking still represents one of the most substantial risks to your data security. Verizon’s 2019 Data Breach Investigations Report highlights two prominent combinations of hacking variety and vector. The more obvious is the use of a backdoor or command-and-control (C2) implant, with that backdoor or C2 channel serving as the vector; the less obvious, but more interesting, is the use of stolen credentials.
Hacking is the unauthorized access to private information stored on a computer or network, but it comes in many forms, such as:
- Malware – Malware, or malicious software, is a general term for what many commonly refer to as a virus; you may also have heard the terms “worm” or “Trojan horse.” Simply put, malware is any software that infects your system in an attempt to steal, destroy, or hold hostage your sensitive data. It is commonly delivered as links or attachments in unexpected emails.
- Ransomware – A form of malware, ransomware deserves its own mention as it is becoming one of the greatest threats facing businesses of all sizes. Ransomware encrypts your critical information and holds it hostage until a fee is paid for the decryption key, and paying offers no guarantee that the data comes back. Ransomware was estimated to cost organizations $11.5 billion globally in 2019.
- Phishing – Phishing also arrives by email, a reminder that your employees need to understand the importance of data security as well. In a phishing attack, the attacker impersonates a trusted party and lures you into entering confidential information, such as login credentials, into an illegitimate website or email form.
- Password Attacks – Password attacks are typically carried out by automated software that tries many combinations of characters, or lists of common and previously leaked passwords, until it gains access to an account. For this reason it is critical that all employees use strong, unique passwords, and that accounts are protected by multi-factor authentication and by lockout or rate limiting after repeated failures.
- Denial-of-Service – In a Denial of Service (DoS) attack, a website or service is flooded with traffic or requests until it becomes unavailable or crashes. DoS is again at the top of the action varieties associated with security incidents, but it is still very rare for DoS to feature in a confirmed data breach, according to the 2019 Verizon report.
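Password attacks of the kind described in the list above leave a clear footprint in authentication logs if you look for the pattern rather than at individual failures. The following Python script is an added example, not code from the original article or from LightEdge; the log lines are constructed, and the log format, thresholds and detection window are assumptions. It goes slightly beyond the text by flagging two patterns: brute force (many failures against one account from one source, with a note if a successful login immediately follows) and password spraying (one source failing against many different accounts, which per-account lockout alone does not catch).

```python
"""Flag password-guessing patterns in authentication logs.

Added example (not from the original article). The log lines and the
"<timestamp> <RESULT> user=<name> src=<ip>" format are constructed for
illustration; thresholds and the window size are assumed values.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one brute-force run that ends in a successful login,
# one password spray across five accounts, and one benign failed login.
SAMPLE_LOG = """\
2019-09-01T10:00:01 FAIL user=alice src=203.0.113.9
2019-09-01T10:00:02 FAIL user=alice src=203.0.113.9
2019-09-01T10:00:03 FAIL user=alice src=203.0.113.9
2019-09-01T10:00:04 FAIL user=alice src=203.0.113.9
2019-09-01T10:00:05 FAIL user=alice src=203.0.113.9
2019-09-01T10:00:06 OK user=alice src=203.0.113.9
2019-09-01T10:05:00 FAIL user=bob src=198.51.100.7
2019-09-01T10:05:01 FAIL user=carol src=198.51.100.7
2019-09-01T10:05:02 FAIL user=dave src=198.51.100.7
2019-09-01T10:05:03 FAIL user=erin src=198.51.100.7
2019-09-01T10:05:04 FAIL user=frank src=198.51.100.7
2019-09-01T10:30:00 FAIL user=bob src=192.0.2.44
2019-09-01T10:30:01 OK user=bob src=192.0.2.44
"""

WINDOW = timedelta(minutes=5)   # assumed detection window
BRUTE_THRESHOLD = 5             # failures against one account from one source
SPRAY_THRESHOLD = 4             # distinct accounts failed from one source


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def failures_in_window(events, window):
    """Return the longest run of failures that starts at some failure and
    fits inside `window`; `events` must be sorted by timestamp."""
    fails = [e for e in events if not e["ok"]]
    best = []
    for i, first in enumerate(fails):
        run = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
        if len(run) > len(best):
            best = run
    return best


def detect(log_text, window=WINDOW, brute=BRUTE_THRESHOLD, spray=SPRAY_THRESHOLD):
    """Return a list of alert dicts found in `log_text`."""
    events = sorted(
        (parse_line(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    by_pair = defaultdict(list)   # (src, user) -> events
    by_src = defaultdict(list)    # src -> events
    for e in events:
        by_pair[(e["src"], e["user"])].append(e)
        by_src[e["src"]].append(e)

    alerts = []
    # Brute force: many failures for one account from one source. A success
    # right after the run is the strongest signal that the account is compromised.
    for (src, user), evs in by_pair.items():
        run = failures_in_window(evs, window)
        if len(run) >= brute:
            last = run[-1]["ts"]
            success_after = any(e["ok"] and last < e["ts"] <= last + window for e in evs)
            alerts.append({"type": "brute_force", "src": src, "user": user,
                           "failures": len(run), "success_after": success_after})
    # Password spray: one source tries a few passwords against many accounts,
    # staying under any per-account lockout threshold.
    for src, evs in by_src.items():
        run = failures_in_window(evs, window)
        users = sorted({f["user"] for f in run})
        if len(users) >= spray:
            alerts.append({"type": "password_spray", "src": src, "users": users})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run against the constructed sample, the script raises one brute-force alert for alice from 203.0.113.9 (five failures followed by a success) and one password-spray alert for 198.51.100.7 across five accounts; the single failed login from 192.0.2.44 is ignored. The thresholds are deliberately low so the example is readable; tune them against your own baseline of legitimate typos.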
Lost or Stolen Hardware
With much of the global workforce now working remotely or on mobile devices, the importance of data security has never been higher. Every employee device represents an access point to your network and a potential threat to your data security.
If these devices are lost or stolen, they give anyone with malicious intent a path to your critical data. All devices with access to your network should use full-disk encryption and support remote wipe, and the remote-wipe capability should be tested before it is needed.
Lost or misplaced asset incidents are not labeled as a data breach when the lost asset is a laptop or phone, since there is no feasible way to determine whether data was accessed; the Verizon report only inferred data disclosure when the asset involved was printed documents. Encryption is what keeps a lost device in the incident column rather than the breach column.
Accidents and Malicious Insiders
Unfortunately, your own people remain one of the strongest reminders of the importance of data security. Internal errors commonly result in the accidental loss of sensitive data or its inadvertent exposure via email (a misaddressed message, for instance) or social media. Mandatory training on the importance of data security and proper security protocols can go a long way toward avoiding these mistakes.
Worse, disgruntled insiders are a very real problem and in most cases have the ability to cause significant harm. These can be some of the hardest cases to defend against, since the insider had legitimate access at some point. Be sure to revoke all access promptly upon the termination of any employee, and rotate any shared credentials they knew.
The motives for internal attacks are predominantly financial, but employees taking sensitive data with them on the way out, to gain an illegal advantage in their next endeavor, are also common. According to Verizon’s report, about 70 percent of data breaches from internal threats involve privilege abuse.
Know the Financial Costs of a Data Security Breach
As we increase data sharing and mobility, the importance of data security also increases. Attack tools and strategies today are more sophisticated than ever, making it easier for attackers to reach your data. Cybersecurity incidents are commonplace, and any number of parties can initiate them, such as cybercriminals, hackers, or malicious employees.
These security incidents can result from hacktivism, improper infrastructure, human error, or lack of proper training. According to a Ponemon Institute study, over half of all data breaches are the result of malicious intent or cybercrime.
As the IBM 14th Annual Cost of a Data Breach Study notes, “the loss of customer trust had serious financial consequences for the companies studied, and lost business was the largest of four major cost categories that contributed to the total cost of a data breach. The average cost of lost business for organizations in the 2019 study was $1.42 million, which represents 36 percent of the total average cost of $3.92 million.”
Another major finding from the Ponemon Institute was that data breach costs affect organizations for years. About one-third of data breach costs occurred more than one year after the incident in the 86 companies they were able to study over multiple years.
While an average of 67 percent of breach costs came in the first year, 22 percent accrued in the second year after a breach, and 11 percent of costs occurred more than two years after a breach.
Often Overlooked Costs
The complete financial cost of a data breach can be hard to quantify. Tangible assets are the easiest piece of the puzzle, but consider other expenses such as lost future business and reputational damage. Intellectual property loss, downtime, and operational impacts disrupt the daily activities of an organization and reduce its productivity.
Noncompliance is also a substantial financial factor. Breaches often bring attorney’s fees, litigation or prosecution, and regulatory penalties.
Each data breach accumulates costs related to investigation, response, notifications to regulatory organizations, victim identification, public response, victim outreach, and internal and external communication campaigns. Victims often require compensation, further reinforcing the importance of data security.
According to Darren Gibson, vice president of sales for the payment processor Financial Innovations Group, “If or when a merchant experiences a security breach and is found to be non-compliant with PCI, then they leave themselves open to fines from their acquiring banks. The fines aren’t small either: depending on the circumstances of the hack, a merchant may be forced to pay anywhere from $5,000 to $100,000 for each month they remain non-compliant with the PCI standards.” Many organizations are blindsided by the fines associated with regulatory settlements.
Take a Proactive Approach
In light of the mounting risks to data security and the expense of a breach, every organization must make risk-aware decisions. The ultimate goal is to reduce risk to an acceptable level without having to address every single threat or vulnerability.
While you now understand the importance of data security, the majority of businesses do not have the budget to address every threat to their systems, so a strategic, risk-based approach is essential.
So, where does one start?
It is essential to begin with an incident response plan. The same Ponemon report found several measures that reduce the per capita cost of a breach:
- Having a dedicated incident response team reduces the per capita cost of breaches by $26.
- Encryption, which most regulatory bodies require, reduces costs by $19 per capita.
- Training continues to be a major weakness for companies large and small, yet effective security training also reduces the financial impact of a breach.
The percentage chance of experiencing a data breach within two years was 29.6 percent in 2019, an increase from 27.9 percent in 2018. In 2014, organizations had a 22.6 percent chance of experiencing a breach within two years. As the likelihood of experiencing a breach increases, taking a reactive approach is no longer an option.
The Importance of Finding a Security Partner
The importance of data security, both in ownership and in planning, cannot be overstated. Know the true financial costs of a breach, both immediate and future. Educate your team about compliance and security to mitigate your risk effectively.
The best way to handle a data breach is to prevent it, but this is not always possible. LightEdge’s highly trained compliance and security experts take the guesswork out of keeping your business protected. Trust our expertise to ensure you are covered through our security and compliance services, including risk management, information security, audit preparedness, and support.
As a top-tier colocation services provider, we provide a high level of availability and reliability through secure, certified data centers and dedicated staff onsite. Our customized and scalable services give you the control, whether you need a colocation rack, cage, or custom suite now or in the future.
With geographically dispersed facilities across all of the US power grids, our data centers are the heart of our operation and yours. We have a wide range of colocation and disaster recovery solutions delivering advanced shared infrastructure designed to enable operational and financial efficiency, reducing the burden on your IT staff.
Customers turn to LightEdge to reduce the risk of non-compliance, to scale security, and for predictability and cost-effectiveness. LightEdge provides customers with an extended team of experienced engineers and helps them focus resources on agility and differentiation. Are you curious how your current provider stacks up? Our security experts will provide a free security assessment to see how you measure up against the latest compliance and security standards. No risk, no commitment. Contact us today to get your free security assessment.