Data breaches are getting more expensive. According to an IBM study looking at data from across the world, a breach can cost organizations an average of $3.68 million. “Mega breaches” on the other hand, can cost anywhere between $40 million and $350 million. Despite this looming warning, employees and small-to-medium sized businesses remain somewhat indifferent about network security.
Just last year, NotPetya rocked the cybersecurity world with its malware attack. According to the White House, NotPetya cost over $10 billion in total damages to various companies across the world. Full recovery from the incident took more than two months for Maersk, a Danish shipping company that was affected. (A company which, arguably, was not the hardest hit financially and still had some untouched domain controller data to reboot from. Many other companies were not so lucky.)
The message this record-breaking breach sent to the world was thus: this can happen to anyone at any time and on any scale. Corporations around the world are far too interconnected and information technology too complex to ensure security. Experts agree, there is no such thing as “100% security,” but the best way to defend your company is to educate yourself and your employees.
The End User Vulnerability
Surprisingly, IBM found that 60% of all digital attacks are due to staff members, mostly without malicious intent. Employees can be responsible for damage by falling for phishing scams, opening infected email attachments, using public Wi-Fi connections, or accessing compromised 3rd party applications.
According to Symantec research, 53% of employees reported using their own personal devices for work outside the workplace. Another 13% had “no idea” of the security status of their devices. 35% of employees haven’t changed their passwords in the last year. And a shocking 19% share their passwords with colleagues.
This behavior is especially dangerous for small businesses. Of whom, 60% are run out of business within the six months following a cyber-attack. Attacks harm reputation and deter customers from continuing business. A poll from IBM suggests that 75% of consumers in the United States would not do business with companies they believed were not taking adequate measures to protect their data. With 1 in 3 business owners without safeguards for cyber breaches, attacks like these could lead to a large market collapse in SMBs.
Companies must protect themselves by educating employees on their role in cybersecurity. IT departments should be empowered to hold regular meetings about cyber security, scam detection, effective password management, anti-malware updates, and other preventative measures. Lost/stolen devices and portable media should also be considered. Responsibility for security is often debated across workplaces, with AIR reporting that 53% of employees rely solely on app developers, services providers, and their IT department to provide security. This causes a large gap in defensive measures. Employees must know the impact they have on data security within a network.
Despite preventative measures in place, a data breach can occur. If NotPetya taught the technology world anything, it was that nothing can be certain when it comes to data safety. The best way to safeguard your company against attack is in fact to plan for it. You can use IBM’s Data Breach Calculator to explore how different variables can affect the cost of a breach, here.
Reducing the Cost of Data Breaches
In order to reduce costs of a data breach, studies have shown that incident response teams, customer trust, identity protection, and AI adoption have worked for over 500 companies who have been breached in the last few years.
A study found that an incident response team can reduce the cost of a breach “by as much as $14 per compromised record from the average per-capita cost of $148.” Also, “extensive use of encryption can cut the cost by $13 per capita.”
The total cost of a breach includes the cost of each lost customer due to a breach. Therefore, customer retention in the wake of a breach can save money on damages. Companies who deploy senior-level leadership such as a chief information security officer (CISO) or chief privacy officer (CPO) are less likely to lose customers. Customers relate this high-level involvement with trust. Those who do not have representation on a senior-level will lose more customers simply by not being proactive in their structuring.
After a breach, some companies offered customers identity protection and the results showed. There was higher retention among those companies with identity protection than those without. Studies found that turnover of just 4% of customers had an average of $6 million in losses. Meanwhile, those who were able to retain some and churn less than 1% lost a fraction with $2.8 million.
Contrary to beliefs about interconnectivity, artificial intelligence was actually proven to save companies money in the case of a security breach. AI security platforms use analytics, machine learning, and orchestration to help human responders contain and identify breaches. This could save companies an average of $8 per compromised record (which really adds up).
With cybersecurity reaching an unprecedented demand, the job market for cybersecurity is expanding rapidly. To help strengthen your company with the best in the industry, contact us here.