2018 Cost of Data Breach vs. Cybersecurity Response Plans and SolutionsData breaches cost businesses millions in damages and can seriously tarnish their reputation. Find out how to protect your enterprise from a costly breach with data security solutions and cyber threat intelligence. By: Secureworks
Now more than ever, enterprises have an obligation to handle the personal data of their customers. To complete numerous financial transactions or register for various services, people disclose their private information to enterprises with an expectation that they will protect their personal data. Unfortunately, personal information is valuable to malicious forces.
Criminals employ destructive cyberattacks to access this information. The breaches not only cost millions for companies to restore their databases to safe compliance but they also result in customers understandably feeling violated. Even the most prominent corporations have experienced data breaches. And the brunt of the blame always falls on the company.
Find out the substantial impact of data theft and how you can protect your enterprise with advanced cyber threat intelligence and response plans.
What is a Data Breach?
A data breach is an attack on a secure database that results in unauthorized access to financial, personal, and other private data.
Data commonly stolen from breaches include:
- Personal health information (PHI)
- Personally identifiable information (PII)
- Trade secrets and information
- Credit card information
- Social Security numbers
- Corporate information
- Software source code
What's the Average Cost of a Data Breach?
According to the Ponemon Institute's 12th annual “Cost of Data Breach Study,” the global average for a data breach is $3.62 million, but the average cost of a data breach in the United States has hit an all-time high of $7.35 million.
Here is the average cost per compromised record from a data breach segmented by the type of organization:
- National: $225
- Healthcare: $380
- Financial Services: $336
- Services: $274
- Life Science $264
- Industrial: $259
The main costs of a data breach include:
- Loss of customers
- Business disruption
- Regulatory fines
- Legal costs
- Public relations costs
- Breached client records
- Direct financial loss
- Notification costs
- Credit card reissues, identity repair, and credit monitoring
What are the Odds of a Data Breach?
On average, 1 out of 4 organizations experience a data breach in the United States and, globally, the average is 28%. Unfortunately, the likelihood of a breach increases every year. Criminals stole two billion records through breaches in the first half of 2017 compared to 721 million records in the last six months of 2016 (a 164% increase).
Enterprises rely more and more on their customers' digital information to facilitate services and maintain accounts. Taking proactive measures to protect and mitigate potential breaches is paramount because the monumental impact of a data breach scandal makes it hard for any enterprise to recover.
Data Breach Impact: Stock and Brand Consequences
The Ponemon Institute published an analysis of how data breaches affected companies. They summarized their findings in The Impact of Data Breaches on Reputation & Share Value: A Study of U.S. Marketers, IT Practitioners and Consumers. Their research shows a data breach usually results in a snowball effect of expensive consequences.
In 113 publicly traded companies surveyed for the study, the stock price immediately dropped an average of 5% following the disclosure of the incident. Although the average company experienced a decline in stock value, enterprises with effective cybersecurity and incident response protocol recovered significantly quicker than companies with poor security measures.
The stock prices began to recover an average of seven days following an incident when the enterprise had a superior response plan. Companies with lackluster incident response plans experienced a continued decline in stock that lasted an average of 90 days.
Trying to quickly implement a cybersecurity protocol after a breach is much more difficult because it takes time for security service providers to observe and plan for your specific enterprise. Just like you don't want to buy car insurance after you've already rear-ended another vehicle, you need to prepare your enterprise with proper cyber threat intelligence and response plan before it's too late.
Brand Value and Reputation
Out of the 548 consumers surveyed for the Ponemon Institute study, 71% believed organizations must control access to their information. In fact, new GDPR regulations require companies handling the personal data of European citizens to adhere to strict standards and punish violators with hefty penalties. Less than 50% of the CMOs and IT practitioners believe this sentiment. Once an enterprise publicly reports a breach, influential news organizations will most likely cover the scandal.
Enterprises will face a severe dilemma once customers publically air grievances through interviews and company reviews. 71% of CMOs believe the most significant cost of a security incident is brand value, which makes sense since articles and reviews will continuously affect brand value years after a scandal.
Branding equates to how much customers trust a company's intentions. It's the emotional connection a user has with a service; violating that trust results in detrimental and long-lasting impact.
Security Data Breach Notification Policy and Laws
Private and government enterprises are required, by law, to notify individuals involved in a security data breach. Policies and obligations for enterprises vary from state to state. Check the National Conference of State Legislatures for a full illustration of the legal actions you are obligated to take after a security breach.
What is Data Breach Insurance?
Data breach insurance mitigates costs associated with an attack, including public relations, legal, and identity protection services. Since a data breach can have a devastating impact on a company, insurance helps implement security measures necessary to minimize the damage from an attack.
Data Breach Response Plan: Penetration (Pen) Tests, Incident Response Plans, and Risk Consulting
Comprehensive cybersecurity awareness and cyber threat intelligence is the great way to outsmart and help protect your enterprise from malicious hackers. Since pernicious agents can attack using a variety of techniques and may employ tools from any country on the globe, diligent monitoring and response planning is not only suggested but an essential requirement for an enterprise to protect their customers.
To prevent an attack from a hacker, you have to think like a hacker. Cybersecurity providers use penetration tests to determine ways attackers can access your database or steal your customers' personal data. The Secureworks Counter Threat Unit™ (CTU) tests your cybersecurity and compiles findings to determine a strategy to help protect your most susceptible vulnerabilities.
A comprehensive risk consultation will help cybersecurity experts understand all the potential dangers your enterprise may face along with pen testing efforts. The first step is to assess your data security to see potential vulnerabilities and points of weaknesses. The next step is to enhance and design data-security solutions, so you have a better chance to halt hackers and protect your enterprise.
Cyber Incident Response Plan
An incident response plan is your plan to reduce the damages from a data breach proactively. If a room in a building catches fire, a proper evacuation procedure and rapid response from firefighters is paramount to halt further damage. Without a ready-set plan, people can get hurt, and the building can burn down completely.
Just like having an evacuation plan and firefighters ready to go, incident management is a comprehensive procedure to make sure your enterprise controls damages and, therefore, the costs of a data breach.
A cybersecurity incident response plan includes:
- Cybersecurity Risk Assessment
- Incident Response Plan Review & Development
- Incident Management Retainer
- Targeted Threat Hunting