The cost of a data breach can vary but almost inevitably means a significant income loss to your organization. 60% of small firms go out of business within six months of a data breach and Congress found that over 14 million small businesses were hacked in the last year. This means that to protect your business, you need to protect your data.
What does “data breach” mean?
While you’re probably hearing the term “data breach” in the news, you may not be clear as to what it means other than “someone gets your information.”
More technically, a data breach is an incident wherein a malicious actor gains access to sensitive, proprietary, or confidential information without authorization. This may include trade secrets, customer information, information on business partners, legal and financial data, and more. Data breaches often affect more than just the business compromised, and impact external partners and customers leading to litigation, significant financial loss, and irreversible reputational damage.
What is “customer information”?
The specific definition of customer information, or customer data, varies depending on industry. In healthcare, for example, the term used is “personal health information” and refers to specific information including, among other things, test results or medical history that can identify a person.
In the financial and legal arena, customer information includes data such as accounts numbers, driver’s license information, social security number, address, and telephone number.
When this information gets stolen, your customers are at a risk for identity theft. When this happens, the cost of the data breach is not just in money but in trust.
How do data breaches occur?
With malware and hacking being the leading cause of breaches, you need to understand the tactics hackers use to protect yourself from the cost of a data breach.
How do hackers breach systems?
Hackers aren’t randomly attacking businesses.
Hackers first research for weaknesses to exploit. This can be employees, systems, or networks. Usually these weaknesses are widespread and common, so they can target a wide variety of businesses without having to focus on any one in particular.
Once they finish their research, they choose a weakness upon which to focus. This means that hackers know a certain system has a vulnerability. They can target this weakness many ways, including through Microsoft Word files or Adobe PDF files which offer a place to insert the malicious code.
After deciding which weakness they want to exploit, they send emails with attachments or put the code into websites that act as delivery services.
The next step is for the code to be triggered. This can be visiting the website or opening an attachment. That trigger installs the code on your computer.
This installation creates a hole or entry point to your systems that give the hackers access.
With this hole in your systems, the malicious actor can poke around in your data. Just like a remote IT help desk accesses your system and can manipulate the icons on your screen, the hacker has access but isn’t going to show you.
With all of this in place, they can take your data and then either hold it for ransom or sell it.
What are some famous data breaches?
In 2017, Equifax’s lax security opened up 143 million Americans to having their personal information stolen. As one of the three major credit bureaus in the US, the breach included social security numbers, driver’s license numbers, and addresses. The breach has led to discussions surrounding corporate responsibility and additional legislation to protect consumer information.
More importantly, within a week of the breach, technology experts were expecting the hack to lead to bankruptcy. Moreover, within that same week, twenty-three class action lawsuits had already been filed because not following security requirements opened them up to legal liability.
UK’s National Health Service
In May of 2017, WannaCry shut down the UK’s National Health Service. More than 300,000 computers were infected during the attack.
By July, Lloyds of London began suggesting that the attack could cost up to $53 billion, more than Hurricane Sandy had cost.
The June 2017 OneLogin breach caused a flurry of panic amongst users. The single sign-on and identity management company had a breach that allowed the hackers to decrypt customer data for its 2,000 companies.
Basically, OneLogin is a product that allows users to use one password for all their applications. The breach exposed the login and password information putting customer systems at risk.
In June 2017, law firm DLA Piper suffered a cyber attack that shut down its telephones and email systems. The web portal, that allowed access to client information, was also inaccessible.
For DLA Piper, reputation was the biggest cost. As a law firm who offers data protection review as a service, DLA Piper became a cautionary tale in hubris.
What is the financial cost of data breach?
IBM and the Ponemon Institute found an increase in the cost of a data breach for 2017. The per-record cost, or the amount of money for each piece of client data stolen, of a data breach was $154 and that the average cost of a single data breach rose to $.379 million. The cost of the per record breach was up 12% from 2016 while the cost for the single data breach had increased 23%.
While European countries saw a decrease in cost, US companies saw a rise. This difference directly correlated to regulatory requirements. In the US, compliance failures cost business 48% more than in European countries. Moreover, US companies paid over $690,000 on average to notify customers of a breach.
What is the estimated future cost of a data breach?
The average cost of a data security breach is only expected to increase. The cybercrime economy has created a cycle in which more sophisticated security products lead to more sophisticated attacks.
Cybercrime products, such as the sale of malicious software, are on the rise. This means that hacking tools and services are becoming easier to access, leading to more frequent attacks and a higher risk of being breached.
Why reputation risk may be the biggest cost of a data breach?
Your business is built on your reputation. You only hire the best employees. You only provide the best customer service. Your business relies on how your customers view you so that they recommend you to their friends.
First, when a data breach occurs, your customers go somewhere else. This is a direct loss in revenue.
Second, you need to be thinking about the loss of future revenue as well. This is the Facebook Effect. Think of how many people your current client base may be able to influence. According to research, each client will tell eight to sixteen people about what happened.
Those eight to sixteen people will tell another eight to sixteen, and so on. Research estimates that each affected customer influences forty to eighty customers. This means that if you even have ten customer files breached, that can lead to 800 lost customers. Now, multiply that by the amount of money each customer brings in annually.
These costs may seem unquantifiable, but they not only have a large impact but a far reaching one.
How to protect your organization from a data breach?
Education and multilayered protection are the basics of defending your business. Hackers are getting smarter. To continue to protect your organization, you need to understand the risks, methods of attacks, and learn where your sensitive data lives.
Just because you use cloud services, doesn’t mean you are immune to attacks. Once your device is compromised, attackers can often easily access cloud services and data. Staying up to date with patches is critical. One of the easiest ways for hackers to infiltrate your systems is for them to find a weakness in outdated software.
How Todyl can help
Continued system monitoring and staying up to date with the cycle of hack-security fix-hack is a lot of work when you’re running a business and trying to keep it afloat in this economy.
That’s why you need experts to provide the multiple layers of protection you need and someone can handle the monitoring for you. Todyl gathers information on hacker activity from across the web, and pushes real time updates across our unique Guardian security cloud making sure you’re protected against the latest threats. Other companies can take hours or days to update all their clients’ software, we do it before you even know it’s been done.
More importantly, we have intrusion prevention that blocks abnormal activity. Instead of waiting until after someone has intruded, we know that someone tried to hack in and stop them before it happens. We don’t just offer a wall to keep people out, we provide an army to seek out spies.