How Much Does a Data Breach Cost? The High Cost of Inaction

By Dolly Krishnaswamy

Posted on Jun 26, 2018

Media attention to high profile breaches has left consumers questioning whom they can trust. According to Privacy Rights Clearinghouse's Chronology of Data Breaches, the total number of records breached containing personal and other sensitive data was 1,946,181,599 between Jan. 1, 2017, and March 20, 2018. As consumers become more aware of threats to their information, they need reassurance from you. Without proper cyber security monitoring to mitigate information security risk, you risk your organization’s reputation and profitability.

The rise of data breaches

Data breaches are increasing in both number and severity. According to the 2018 Global Threat Report, data breaches continue to pose a serious threat:

  • 71% of United States enterprises report suffering at least one data breach.
  • 7 in 10 organizations in the U.S. were affected by a data breach over the past few years.
  • 67% of global enterprises have now been breached (73% in the U.S.).
  • 42% of enterprises breached had been breached in the past.
  • 79% increased IT security spending, which didn’t even slow breaches down.
  • 86% of U.S. organizations plan to increase cyber security spending.

Even with increased and anticipated increases to IT security spending, the statistics clearly show data breaches remain a significant problem. That said, not all approaches to cyber monitoring are created equal. Previously, periodic internal and external audits provided the most cost-effective cyber monitoring of the information security landscape. However, these methods are limited to a single point or a single period in time.

Machine learning now provides companies with continuous cyber monitoring tools that provide visibility into your organization’s overall security health. Using these tools, you stand a much better chance of mitigating the high cost of data breaches and phishing scams.

SecurityScorecard’s proprietary ThreatMarket threat intelligence tool allows you to see your environment the way a hacker does. This insight allows you to mitigate risks before they become breaches. For example, companies with poor overall SecurityScorecard ratings are 5.4x more likely to experience a breach than companies with high ratings. When companies only look at their security posture a few times a year, they may not realize that they are slow to patch vulnerabilities or that their employees use corporate emails on social networks. Both of these practices can increase the risk of a company being breached.

The lack of insight across cyber security ecosystems

While you can monitor your own environment, your vendors’ landscapes are more difficult to monitor. To protect your customer data, you need to ensure that your third-party service providers meet your standards. To protect yourself against the risks your vendors pose, you need insight into their cyber security posture. Only by knowing the risks can you prepare to react.

One way to do this is to incorporate continuous monitoring using artificial intelligence. However, according to the Third Annual Study on the Cyber Resilient Organization, many organizations lack this insight. In fact, the key findings in the study note that 60% of respondents said one of the biggest barriers to cyber security was their organization’s lack of investment in new cyber security technologies, including artificial intelligence and machine learning.

Resiliency requires preparation as well as response. Organizations without the right tools to mitigate risks cannot effectively respond to events. The numbers show a blind spot toward actively preparing for cyber security incidents. Investing in predictive technologies, such as automation and machine learning artificial intelligence, can aid organizations hoping to stem the severity of data breaches and cyber attacks.

Without formal and expert cyber monitoring, your organization remains in the dark about its overall cyber security health and the health of its third-party vendors across the entire cyber security ecosystem. Despite the high cost of data breaches and lost consumer confidence, few organizations take a role in actively setting security policies and budgets.

The cost of inactivity and security threats

CISOs bear the responsibility for informing and educating the rest of the enterprise. However, the technical language of security often makes it difficult to communicate the risks effectively. Thus, CISOs find themselves struggling to obtain the needed Board oversight to ensure a proactive security posture. According to the Global State of Information Security Survey 2018 (PwC), organizations continue to struggle with communicating cyber security risks and active cyber monitoring:

  • 45% of respondents in a survey of 9,500 executives say their corporate board actively participates in setting security budgets.
  • 39% of organizations actively participate in setting security policies.
  • 36% say they are involved in the technology selection process.
  • 31% actively review current security and privacy risks.
  • 44% of respondents say their corporate boards actively engage in their overall security strategy.
  • 29% of the respondents from the survey of 9,500 executives say their CISOs bear responsibility for IoT security.
  • 34% of respondents plan to assess the potential risk of increased internet connectivity (such as IoT security).

While massive cyber security breaches grab headlines, many organizations still struggle to understand and plan for the growing cyber risks in our complex digital society.

The highly effective phishing attack

This communication issue extends throughout the enterprise. Phishing attacks against employees and malicious attachments sent in emails remain the main cause of data breaches. The Global Advanced Threat Landscape Report 2018, which surveyed 1,300 IT decision makers, noted that:

  • 56% identified targeted phishing attacks as their biggest cyber security threat.
  • 51% of IT decision makers say insider threats are a major concern.
  • 48% say ransomware and malware remain a significant threat.
  • 42% point to unsecured privileged accounts as a serious problem.

Obviously, phishing attacks are a major concern because they are incredibly common and effective, especially as cyber attackers get smarter. While proper cyber security training may help, employees can make mistakes. Organizations need insight into the potential risks posed by their employee cyber behaviors.

Despite the staggering statistics, cyber security risks can be effectively addressed and mitigated even in our complex digital society. With SecurityScorecard’s predictive research, we empower security professionals with the knowledge and technology they need to maintain their organization’s security in the always-evolving threat landscape.

Cyber security threats are very real, and they thrive in an atmosphere of inaction arising out of information deficit. The attackers are working tirelessly to steal sensitive data. Are you deploying the right tools and strategy to fight back?
