According to the Breach Level Index, nearly 5 million data records are stolen each day, which equates to 58 records every second. Of course, these figures only account for known and reported breaches. While high-profile incidents involving household names like Equifax and Yahoo make headlines, smaller data breaches are often kept under wraps. Also, the full scope and impact of a breach are rarely known right away, and the aftershocks of a data breach can be felt for years.
So, what is the cost of a data breach? In terms of hard dollars, the 2017 Cost of Data Breach Study from the Ponemon Institute reports an average cost of $141 per data record. That’s the global figure. In the U.S., the average cost is double that. Obviously, the more data records that are compromised, the higher the total cost of the breach.
There are a number of factors that are used to determine how much a data breach would cost your organization, beginning with your location(s) and industry. You also have to consider a wide range of related costs, such as downtime, data recovery, incident response, notifying affected parties, compliance issues, implementation of new security measures and employee training.
One of the biggest costs of a data breach is customer churn, which tends to have the greatest long-term impact but can be difficult to quantify in terms of dollars. A recent survey conducted by Vanson Bourne found that seven in 10 consumers would stop doing business with an organization after a data breach. Ninety-three percent would take legal action or at least consider it. Two-thirds are worried that they’ll be victims of a data breach in the near future, and 62 percent believe the organization holding their data is mostly responsible for securing that data.
Organizations can minimize the cost of a breach by following cybersecurity best practices. The first step is to conduct a thorough risk analysis of all applications, systems and data. What is the potential cost of a breach for different types of data records in different systems? This analysis will drive your data breach prevention strategy.
Rather than buying a bunch of security tools, approach security strategically. Security should be ingrained in your organization’s culture from the top down. Educate all users about the impact of a data breach and the steps they can take to make the organization more secure. Poor password practices, the use of unapproved applications, and opening attachments and clicking links in emails from unknown senders continue to cause far too many data breaches.
From a technology standpoint, all data should be encrypted and access to data should be tightly controlled, using multifactor authentication and role-based permissions. Traffic should be monitored and filtered to block bad traffic from entering the network. Advanced endpoint security and management solutions should be used for all desktop and mobile devices. Use threat intelligence from reliable sources to inform your security strategy, and have all logs reviewed by security professionals to proactively identify vulnerabilities.
The true cost of a data breach can be difficult to pinpoint. However, too many organizations grossly underestimate the cost in terms of hard dollars, reputation and business disruption. Let us help you implement a strategy and the solutions required to prevent data breaches, reduce costs and maintain the confidence of your customers.