Request a quote

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Blog

A data breach in 2020 will cost $150 million: can you afford this?

Cyber-attacks can have a devastating impact on businesses, costing them money and their reputation. With consumers becoming increasingly concerned with how organizations are handling their personal information due to a rise in highly publicized data breaches in recent years (such as the Facebook and Cambridge Analytica scandal), your business falling victim to a breach is a quick way to lose customers’ trust, which something that can be very hard to get back. Just ask Facebook; following reports of their scandal (which came to light in 2018), they lost $35 billion in market value. In a recent poll, it was also discovered that 60% of Americans no longer trust the social media giant with their information.

Data breaches are becoming more common, and sadly, they’re costing businesses more and more. As the 2018 Cost of a Data Breach Study: Global Overview shows, the global average cost of a data breach currently stands at $3.86 million, up 6.4% from the previous year. The study, which was conducted by IBM Security and Ponemon Institute, also concluded that:

  • The size of a data breach is increasing by an average of 2.2% year on year.
  • On average, a company will take between 69 and 197 days to identify a data breach.
  • Companies in the US fall victim to the most data breaches (equalling to a cost of $7.91 million), followed by Canada ($4.67 million) and Germany ($4.67 million).

Why are business data breaches increasing?

This is largely due to the fact that the majority of companies have now digitalized their records. Though this brings many benefits (such as making it easier for staff to work remotely), digitalizing records also makes them vulnerable to hacks, phishing calls and emails, ransomware, and other cyber-attacks.

Larger organizations are also connecting more of their infrastructure, so that it’s quicker and easier to access the information they need. However, this also means that hackers have access to more of your vital data (including personal data on your customers) in one place.

Though news of a data breach is likely to make customers lose trust in your business (as many people have with Facebook), fines for such incidents are also getting more expensive. Under the UK and EU’s new Data Protection Regulations (GDPR), organizations could be fined up to €20 million or 4% of their annual turnover. This can impact any companies that deal with customers from this part of the world.

The state of California is also due to take a tougher stance on data breaches through the enforcement of the California Consumer Privacy Act of 2018 (CCPA), which will begin in 2020. Again, this will impact businesses that deal with customers in this area, even if the business isn’t based in California. The new CCPA will give consumers more control over their personal data, causing it to be compared to GDPR.

The most common causes of cyber-attacks

Though a data breach will cost your business less the quicker it’s dealt with, the best solution is to stop them from happening in the first place. Here are some of the biggest data breach risks and some things you can do to prevent them:

Staff working remotely

Although remote working is highly beneficial to businesses as they are able to have employees located all over the world, this does bring security risks. Staff can leave devices such as their work laptops and cell phones unattended and connect to unsecure WiFi. Reduce this risk by not allowing employees to use devices that hold sensitive information in public places. Work devices should also be secured with strong passwords that aren’t easy to guess; this means no pets names or dates or birth!

Phishing emails and phone calls

This is when companies try to illegally obtain sensitive information such as usernames, passwords and debit and credit card details by pretending to be another company. Educate everyone in your company on the risks and implications of providing sensitive information over the phone or by email, as well as giving them tips on how to identify phishing emails, and ensuring that any your employees receive are reported to your company.

Ransomware

Ransomware is a type of malicious software that threatens the owner of the device unless they pay a ransom. It is often mistakenly installed on devices due to the fact that it disguises itself as a harmless piece of software, such as another trusted programme. Protect against this by blocking your staff from downloading programs on work computers and ensuring that all of your company’s devices have anti-virus protection installed as standard.

What should you do in the event of a data breach?

If your company does find itself as the victim of a cyber-attack, you should take the following steps to minimise as much damage as possible:

  • Identify the breach: find out what data was accessed, who accessed and how it was accessed.
  • Inform your customers and the authorities of the data breach.
  • Review your security systems and business processes to prevent future breaches.

Most organizations won’t be able to afford $150 million if they’re hit by a data breach, and this is a cost that’s only going to increase over the years as cyber-attacks (such as phishing and ransomware) get more convincing. Fortunately, by taking the above steps, you can prevent this risk and maintain the trust and safety of your customers.

May 16, 2019