The data breaches in the first six months of the year (2017) came from a variety of sources. But in a major twist, the biggest source of lost records via data breaches was accidental loss and/or inadvertently leaving data exposed.
Most organizations have no idea how much a data breach can cost. According to the 2017 IBM Security and Ponemon Institute report, the global average cost of a data breach is $3.62 million.
Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain, and they have the highest cost per record.
The 10 main costs of a data breach are listed below.
The mean number of days to resolve cyberattacks is 46 at an average cost of $21,155 per day – or a total cost of $973,130. Resolution does not necessarily mean that the attack has been completely stopped, as some attacks remain dormant and undetected.
Loss of Customers
Of 2,000 adults interviewed in the U.S. this past April by independent technology market research specialist Vanson Bourne, 76 percent said they would move away from companies with a high record of data breaches.
On an annualized basis, business disruption accounts for 39 percent of total external costs, which include costs associated with business process failures and lost employee productivity. If a business gets disrupted during its busy season, the cost could affect more than half the business’s annual income.
There could be fines from the Federal Communications Commission (FCC), Federal Trade Commission (FTC), Health and Human Services (HHS), the Payment Card Industry Data Security Standard (PCI DSS) and other regulatory agencies.
Three lawsuits were filed against Anthem less than 24 hours after it disclosed a breach. Target Corporation, Home Depot and Sprouts are but a few of the numerous organizations that have had class-action lawsuits filed against them in relation to a data breach. Some companies have had to pay upwards of $10 million to settle and those costs don’t include charges paid to their legal teams.
A breach entails harm to an organization’s brand and reputation, contact with the media, increased customer acquisition activities and diminished goodwill. Normally a PR call center will need to be established to keep the media, victims, stakeholders and employees informed of the aftermath.
Breached Client Records
The average cost for each lost or stolen record containing sensitive and confidential information increased from $217 in the 2015 study to $221 this year. The 2016 Cost of a Data Breach U.S. study examines the costs incurred by 64 U.S. companies in 16 industry sectors after those companies experienced the loss or theft of protected personal data and then had to notify breach victims as required by various laws. The study does not include cases involving more than 100,000 compromised records to avoid skewing the results.
Direct Financial Loss
Once attackers breach your network, they may be able to obtain access to your financial accounts to wire money to accounts they control.
Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private and public sector entities to notify individuals of security breaches of information involving personally identifiable information. Regulations such as PCI and HIPAA also require disclosure to consumers whose data has been breached. There’s the cost of postal expenditures, secondary mail contacts or email bounce-backs and inbound communication set-up. This year’s average notification costs increased slightly from $0.56 million in 2015 to $0.59 million so far in 2016. Notification to individuals must be by first class mail unless the individual has agreed to electronic notice.
Credit Card Reissues, Identity Theft Repair and Credit Monitoring
A report from the U.S. Consumer Bankers Association (CBA) indicates that re-issuing cards affected by the Target data breach cost over $172 million. Identity theft repair and credit monitoring cost about $10 per victim.
Certain factors reduced the cost of a data breach. Having an incident response plan and team in place, extensive use of encryption, employee training, Business Continuity Management (BCM) involvement and extensive use of data loss prevention technologies are viewed as reducing the cost of a data breach.
This webinar is an overview of the ISO 27001 implementation cycle and other complementary ISO standards. The practical tips on implementation will give solutions to your challenges and help you acquire a better understanding of its complexity. You will know where to start and what you need for a successful implementation.
Here is the list of the presented subtopics:
- ISO 27000 family of standards
- Which are the main steps of ISMS implementation?
- ISO 27001 documentation
- How to convince the management?
- How long does it take?
- What are the costs?
- How to approach the implementation
- Biggest challenges in ISO 27001 implementation
IBM Security and Ponemon Institute are pleased to present the 2017 Cost of Data Breach Study. This year’s study reports the global average cost of a data breach is down 10 percent over previous years to $3.62 million. Check out the more detailed report below.