Posts

The Average Cost of a Data Breach, and how Micro-Segmentation can Make a Difference

In the US, the financial cost of a data breach is rising year on year. IBM’s Cost of a Data Breach Report is conducted independently each year by the Ponemon Institute. This year, the report included data from more than 15 regions, across 17 industries. They interviewed IT, compliance, and data protection experts from 477 companies. As a result, the estimate of the true average cost of a data breach is more accurate than ever.

Crunching the Numbers: The Average Cost of a Data Breach

According to the study, the average cost of a data breach in 2018 is $3.86 million, an increase of 6.4% since last year’s report.

While the risk of a data breach is around 1 in 4, not all breaches are created equal. Of course, the more records that are exposed, the more expensive and devastating a breach will be. A single stolen or exposed data record costs a company an average of $148, while a breach of 1 million records, considered a Mega Breach, will cost $40 million. A breach of 50 million records may be reserved for the largest enterprises, but this will raise the financial cost to $350 million.

Beyond a Ransom: The Hidden Cost of Data Breach

Although many businesses worry about the rise in ransomware, the cost of a data breach goes far beyond any malicious demand from a hacker. The true cost can be broken down into dozens of areas, from security upgrades in response to the attack to a drop in your stock price when word of the breach gets out. Research by Comparitech found that companies tend to see a stock price slide of 42% following a breach. Other costly elements of a data breach include incident investigation, legal and regulatory activity, and even updating customers. These all contribute to the escalating cost when you fail to adequately protect your company against a data breach.

The Ponemon study found that the largest cost comes from customer churn. The US sees the highest cost in the world in terms of lost business due to a data breach, more than two times the average figure, at $4.2 million per incident. Most analysts put this discrepancy down to the nature of commerce in the United States. In the US, there is far more competition and choice, and customer loyalty is both harder to hold onto and almost impossible to retrieve once trust is lost.

Customers also have more awareness of data breaches in the US, as laws dictate they must be informed of any issues as they are uncovered. This kind of reputational damage is devastating, especially in the case of a Mega Breach. In fact, 1/3 of the cost of Mega Breaches can be attributed to lost business.

Of course, there is also the fear that even if you manage to recover from a data breach, the worst is not over. The IBM study found that there is a 27.9% chance of another breach in the two years following an attack, making your company extremely vulnerable unless you can make considerable changes, and fast.

Preparing Your Business for the Average Cost of a Data Breach

The numbers don’t lie. The speed and impact of data breaches are something to which every company, no matter the size, should be paying attention. There are definitely ways to protect your business and to position yourself responsibly for the worst-case scenarios.

According to Verizon, 81% of all breaches exploit identity, often through weak passwords or human error. Malware can piggyback onto a legitimate user to get behind a physical firewall, which is why most IT professionals agree that even next-gen firewalls are insufficient. To limit the potential repercussions of this, all businesses need to be employing a zero-trust model.

With micro-segmentation, perimeters can be created specifically for the protection of sensitive or critical data. This ensures that all networks are treated as untrusted, using a granular approach to limit communications and tagging the workloads themselves with labels and restrictions. Containment of attacks is built into your security from the outset, by limiting the attacker’s freedom of movement and restricting the ability to move laterally at all. As the financial impact of a data breach rises with the number of data records stolen, this is a significant weapon to have at your disposal.

Rapid Response Can Limit the Cost of Data Breaches

Efficiency in identifying an incident, as well as the speed of the response itself, has a huge impact. Rapid response can save money, as well as proving to your customers that you still deserve their trust. According to the IBM report, the average time it took companies to identify the data breach was 197 days. Even once a breach was detected, the average time to contain it was a further 69 days. When it came to a Mega Breach, it could take an entire year to detect and contain.

With micro-segmentation, the visibility is immediate. All communications are logged, including East-West traffic. This includes private architecture, cloud-based systems, and even hybrid solutions. The best solutions will offer alerts and notifications in case of any unusual behavior, allowing you to stop threats in their tracks, before any damage has been done.
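The label-based, default-deny approach described above, together with logging and alerting on east-west traffic, can be sketched as follows. This is an added example, not code from the post or from any vendor product; the workload names, labels, ports and flow records are all constructed for illustration.

```python
from collections import namedtuple

# Constructed inventory: workloads are identified by labels, not network location.
WORKLOADS = {
    "web-01": {"app": "shop", "tier": "web"},
    "api-01": {"app": "shop", "tier": "api"},
    "db-01": {"app": "shop", "tier": "db", "data": "cardholder"},
    "hr-01": {"app": "hr", "tier": "web"},
}

# Allow-list of (source selector, destination selector, port).
# Anything not matched is denied, so no segment is implicitly trusted.
POLICY = [
    ({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "api"}, 8443),
    ({"app": "shop", "tier": "api"}, {"app": "shop", "tier": "db"}, 5432),
]

Flow = namedtuple("Flow", "src dst port")

def matches(labels, selector):
    """True when the workload carries every label named in the selector."""
    return all(labels.get(k) == v for k, v in selector.items())

def is_allowed(flow):
    """Default deny: a flow passes only if an explicit rule covers it."""
    src = WORKLOADS.get(flow.src)
    dst = WORKLOADS.get(flow.dst)
    if src is None or dst is None:  # unlabelled workload: never trusted
        return False
    return any(matches(src, s) and matches(dst, d) and flow.port == p
               for s, d, p in POLICY)

def audit(flows):
    """Log every flow with a verdict and return the denied ones as alerts."""
    log = [(f, "ALLOW" if is_allowed(f) else "DENY") for f in flows]
    alerts = [f for f, verdict in log if verdict == "DENY"]
    return log, alerts

# Constructed east-west flow records, as a flow collector might report them.
SAMPLE_FLOWS = [
    Flow("web-01", "api-01", 8443),
    Flow("api-01", "db-01", 5432),
    Flow("web-01", "db-01", 5432),  # skips the API tier
    Flow("hr-01", "db-01", 5432),   # crosses the application boundary
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS)[0]:
        print(verdict, flow)
```

Because rules select on labels, the web tier reaching the database directly is denied and surfaced as an alert even though both workloads belong to the same application.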

The quicker this happens, the less financial damage will be done. In fact, on average, companies that managed to contain a breach within 30 days saved more than $1 million over companies that couldn’t. The larger the breach, the more significant these savings are likely to be.

Ensure You’re Fully Armed Against a Data Breach

The complex nature of most businesses’ IT systems explains the growing threat of cyber-crime, and the increasing financial cost of lax security holding us all to ransom. Traditional security systems are not enough to ensure adequate protection from a data breach, or rapid detection and response in case the worst happens.

Micro-segmentation offers granular, flexible security that adapts to your exact environment, detecting and limiting the force of an attack, and providing the visibility and response tools you need to keep your customers loyal.

As Yahoo Breach Sinks In, Here’s How to Secure Your Data Centre in 2017

It’s certainly not what Yahoo or its customers would have wanted. But news of the biggest data breach ever recorded serves as a timely reminder of the threats facing the modern data centre as we head into the new year. The internet pioneer may be an extreme example, having now allowed cyber thieves to steal data from 1.5 billion accounts. But organisations of all sizes should see it as a cautionary tale. They need to wake up to the threats facing their data centres or risk following in Yahoo’s footsteps.


Black Friday Sales Rush Puts Spotlight on Data Centre Security

E-retailers are coming up to the biggest shopping period in the year as the annual Black Friday and Cyber Monday sales events at the end of November slide into the December holiday season. In the UK, shoppers spent more than £3 billion over the weekend last year, with many of those sales coming online. It’s clearly a fantastic revenue-making opportunity for e-commerce providers. But it also represents a great window of opportunity that hackers could exploit to steal valuable customer personal and financial data. Cybercriminals love Black Friday as it allows them to go unnoticed in the increased volumes of transactions and internet traffic.


Developing Advanced Data Centre Security for Under Fire Healthcare Organisations

British healthcare organisations, like their counterparts in the US and Europe, are currently facing a deluge of ransomware that threatens to overwhelm systems. Widely reported figures gleaned from an FoI request reveal nearly half (47%) of NHS Trusts in England have been infected over the past year. This is just the tip of the iceberg. Ransomware is one of many online threats facing healthcare IT bosses coming to terms with the fact patient data is increasingly highly sought after on the dark web.

The mission criticality of IT systems, rigorous compliance requirements and often stretched resources make securing these environments even more challenging. That’s why IT buyers need to consider a new approach designed to focus on east-west traffic inside the data centre.


How Next Gen Security Can Help Finance Firms Stay on the Right Side of New Euro Laws

Financial services firms have never faced a more agile and determined online foe. Barclays Global CISO Troels Oerting said recently that elite cybercrime gangs armed with advanced malware and a sophisticated skillset pose a major threat to the industry. They can get deeper inside networks, stay hidden for longer and steal more data than ever before. Additionally, as if that weren’t enough to worry about, coming European data protection laws will introduce a stringent new set of requirements and penalties on businesses, forcing improvements to cybersecurity.


Cybersecurity as Business Enabler: Why Hyper-Growth FinTech Needs Next Gen Tools

FinTech is booming. Last year it received a staggering $14.5 billion in venture funding – more than double the 2014 figure. And the UK is Europe’s unofficial capital. That’s good news all round. But that also puts this rapidly growing sector very clearly in the crosshairs of formidable assailants. As these firms race to offer a wider range of agile, cloud-based services to a whole new set of customers they begin to present an even greater target for the aforementioned assailants.


Dwell Time: The Real Killer in Data Center Breaches

This is part 2 of a 4-part series examining data breaches, what they cost, why they are increasing in frequency, and what you can do about them.

In our August 23, 2016 post, we broke down the many costs of data breaches, both direct and indirect, that hit organizations in a variety of areas. Now, let’s look at one of the chief culprits driving up the cost of breaches: dwell time.
