The consequences of data breaches are severe and only getting worse. That’s the takeaway from a new study which shows just how painful leaks of sensitive information can be for everyone involved. More data is being compromised than ever before, and companies are paying the price.
Today, every company is a technology company.
While managing data via technology offers efficiencies and insights, this also means that every company is at risk of a data breach. Whether you’re a financial organization, governmental agency, or small mom-and-pop retail shop, anyone with sensitive data could be a target.
The consequences are getting more dire, too. This year, the global average cost of a data breach is up 6.4 percent to $3.86 million, according to a study conducted by the Ponemon Institute and sponsored by IBM. The average cost for each lost or stolen record containing confidential information also increased by 4.8 percent, up to nearly $150 per record.
And that’s only the average. At the top end are what the study calls “mega breaches”, involving between 1 million and 50 million lost records. In this stratosphere, the costs are said to range from $40 million to a whopping $350 million.
Straight from the source
To arrive at the findings, the study’s authors interviewed IT and security professionals at nearly 500 companies that had suffered a data breach. They analyzed the many different costs associated with breaches, including incident investigation, recovery, legal and regulatory activity, PR to rehabilitate the brand, and lost business through customer turnover. Though less tangible, lost business alone accounts for one-third of the cost, according to the study.
Of course, the financial costs are not the only issue. There’s also the potential for reputational damage and legal headaches that can stretch far beyond the immediate consequences of a breach. Ultimately, the final cost can be hard to pin down. Dozens of factors affect the cost of a breach, and it’s impossible to know the total price tag until the dust settles—a process that can take years.
What is a company to do?
No matter what protection, encryption, or security controls your organization has in place, there's always a chance your sensitive information might be part of the next major data breach. Given this reality, it’s best to plan for a breach as though you know it’s going to happen. According to the study, there are a few things companies can do to minimize the damage if they do fall victim to a breach.
Act swiftly: All else being equal, the longer it takes to discover a breach and fix it, the more expensive it’s going to be. The study reports that the average time to identify a data breach is 197 days and to contain it is 69 days (both year-over-year increases). The research claims companies that manage to contain a breach in less than 30 days save over $1 million compared to organizations that do not.
Respond with empathy: Place yourself in your customers’ shoes and understand their concerns. Address the situation openly and transparently, and know that many will be rightfully angry (and whatever you do, do not ignore or dismiss the situation and hope it goes away). Further, organizations that offered identity protection to impacted individuals retained more customers than those that did not.
Put the right personnel in place: When businesses hired a senior-level executive such as a chief privacy officer (CPO) or chief information security officer (CISO) to handle the situation and direct customer-trust initiatives, they lost fewer customers and thus minimized the financial consequences.
Trust in automated systems: Yes, this one requires forethought. In today’s environment, however, it’s required. Security systems can be automated, replacing or assisting human operators in the detection of a breach in the first place. It’s extremely important to ensure these defenses are kept up to date to respond to the latest security threats.
How LogicGate can help
If you want to avoid fines, customer churn, and reputational damage, you’ll need some help. LogicGate’s IT Risk Management platform is a robust, scalable system that automates risk management processes across your organization. Implementing a tool such as LogicGate can help your IT Security team manage critical assets, define potential risks, assess threat levels, and put processes and controls in place to mitigate those risks and threats. LogicGate empowers your organization to prepare for and protect against data breaches, ultimately reducing potential risks and costs, and enabling your business to focus on business.