Posted on Aug 6, 2020
You may think that you can’t afford advanced cybersecurity, but the truth is that, in our modern business world, you can’t afford not to institute the right processes, people, and tools to keep your company safe from cyber threats. Remaining complacent may seem tempting, but this complacency will catch up to you, resulting in financial loss and damage to your reputation that you may not bounce back from. Being proactive in addressing your cybersecurity will ensure that your company can have a brighter future.
The 2020 Cost of a Data Breach Report from Ponemon Institute and IBM Security revealed that the cost of a data breach declined slightly to $3.86 million compared to 2019’s $3.92 million. However, the report is quick to note that despite this decline, the evidence shows a growing divide between organizations with more advanced security processes and those with less advanced security postures.
There are a number of different factors that influence the cost of a data breach. Below, we’ve outlined the top aspects to keep in mind when determining your cyber risk management strategy:
Your industry and company size have a major influence on the cost of a data breach. Heavily regulated industries experienced significantly higher total costs than less regulated industries. Large financial services organizations have an obligation to protect critical data like personally identifiable information, social security numbers, and payment card information (PCI). Likewise, the healthcare industry is required to protect equally sensitive patient information and private health information. The healthcare and financial services industries consistently rank among the industries with the highest costs. However, the energy sector emerged this year as the industry with the second-highest average total costs. In essence, if your industry is sizable and houses highly sensitive data, both the potential for and the cost of a data breach increase when compared to smaller industries that carry less sensitive data.
The Ponemon Institute found that the most expensive data breaches stem from third-party organizations. Focusing on third-party cyber risk management and continuous monitoring can help offset these potential costs. Additionally, vulnerabilities in third-party software caused 16% of data breaches, meaning that companies need to focus on third-party vendor management and on applying security patches to third-party software.
If the breach causes enough damage to your organization, you may need to contract a third party to investigate the breach. This can cost your organization a considerable amount of money. Further, a significant breach can lay the foundation for a class-action lawsuit, which will result in your organization having to pay for legal fees and potential payouts.
When an organization experiences a data breach, it needs to issue a public disclosure to alert stakeholders and consumers of potential compromise. Public disclosures could result in a loss of trust in your organization and cost money in lost revenue and investment. Additionally, breaches can disrupt or completely stop business operations, which can lead to losses in sales or the inability to assist customers and fulfill service agreements. In both scenarios, the breached organization suffers losses due to a decline in consumer confidence.
If your organization is in the process of an M&A deal when a breach occurs, business values could be affected. This could have either a negative or positive effect on costs depending on whether your organization or the company to be acquired was affected. If the company you are acquiring was affected, you will likely be able to renegotiate at a lesser price. However, if your organization was affected, this could result in losses.
Four key factors reduced the overall average cost of a data breach: incident response testing, business continuity planning, the formation of an incident response team, and using an AI platform. The four key factors that increased the cost of a data breach were moving to a remote workforce, lost or stolen devices, Internet of Things (IoT)/Operational Technology (OT) being impacted, and third-party data causing a data breach.
While not including CISOs in the decision-making process, organizations continue to hold them accountable for data breaches. 46% of respondents said that the CISO would be held responsible for a data breach, yet only 27% said that the CISO is most responsible for setting policies and making technology decisions.
51% of organizations with cyber risk insurance used their coverage to recoup consulting and legal services. 36% of the recovered costs applied to paying victims and 30% focused on managing regulatory fines.
In 19% of malicious attacks, misconfigured cloud servers were the initial threat vector. Cloud misconfigurations increased the average cost of a data breach by more than $500,000.
The percentage of organizations with fully deployed security automation solutions increased from 15% in 2019 to 21% in 2020. The value of security automation continues to prove itself, as organizations with fully deployed security automation save an average of $3.58 million on a data breach compared to organizations with none.
When attempting to determine the potential cost of a data breach for your organization, it is important to consider the factors listed above. Taking preventive steps like enacting third-party risk management programs, obtaining cyber insurance, and continuously monitoring your cybersecurity ecosystem can help your organization avoid a breach or better deal with the fallout should one occur.
SecurityScorecard’s platform assigns A-F security ratings that reflect your cybersecurity posture in real time. Security Ratings also provide you with instant and continuous visibility into your vendors’ cyberhealth.
Additionally, SecurityScorecard allows you to continuously monitor compliance across your entire ecosystem and embrace compliance due diligence to ensure your third-party partners are compliant as well.
SecurityScorecard enables organizations to address vulnerabilities in real time and improve cyberhealth across the entire business.