What the IBM Cost of a Data Breach Report means for you
The average total cost of a data breach now exceeds £3m, according to the latest Cost of a Data Breach Report.
Cost of a Data Breach: Key Findings
What does this mean for you?
The immediate takeaway from the report is that an organisation faces roughly a 1 in 3 chance (29.6%) of suffering a data breach within the next two years, and that the average total cost per incident is now over £3m.
The total cost of a data breach is determined by four key cost components: Detection & escalation; Notification; Post data breach response; and Lost business.
How well your business handles each of these four components determines how costly a data breach would be for you.
Detection and Escalation
Activities that enable a business to detect and report a breach to appropriate personnel within a specified time period.
Notification
Activities that enable the business to notify individuals that their data has been compromised, including meeting regulatory requirements and engaging external advice if necessary.
Post data breach response
Processes set up to assist individuals or businesses affected by the breach, including increased inbound communications, reparations to victims and regulators, and associated legal expenditures.
Lost business
The cost of business disruption and revenue loss as a result of downtime, the loss of both existing and new customers, and damage to reputation.
However, the costs of a data breach can continue long into the future, especially since the introduction of GDPR. The regulation holds data controllers (any organisation that decides how and why personal data is processed, which in practice is almost every business holding personal data) responsible for the secure and lawful handling of that data.
And the penalties aren’t small, as Google found out earlier this year. Fines can reach €20,000,000 or 4% of global annual turnover, whichever is greater. On top of that, you also have to consider the impact of a data breach on your business’s reputation.
GDPR penalties aside, customers need to know that their data is secure, and if it isn’t, you will probably be overlooked in favour of a competitor.
How to Mitigate the Risk of a Data Breach
So, with all of this in mind, how do you prevent a data breach?
The short version is that you need a robust cyber security plan that includes regular testing and in-depth IT awareness training.
Why? Let’s look at the key factors involved in a breach:
Firstly, 51% of data breaches are the result of a malicious or criminal attack. Such an attack can reach your business in a variety of forms, including malware, network-borne attacks and phishing emails.
System glitches (25%) and human error (24%) account for the remaining root causes. Neither can be eliminated entirely, but both can be made far less likely: glitches through disciplined IT operations, and human error through robust IT awareness training.
System glitches can happen, but they are far less likely if your business has a healthy IT culture. This means regular patching of software and devices, and regular testing of security controls to confirm they are working as intended.
Human error, the weakness that the more costly phishing scams exploit, often comes down to a lack of IT awareness or education. If staff do not know what to look out for, they cannot be vigilant against potentially malicious content. IT awareness training instils best practice and gives your team the ability to act with confidence online.
How Business Continuity Planning Can Help
So, you’ve put your cyber security measures in place and your staff are drilled in all the best practices. You’re fully secured against a data breach, right?
Not quite. Sometimes accidents just happen, and you cannot account for every circumstance in advance.
What your business must have, regardless of size, is a comprehensive Business Continuity & Disaster Recovery (BCDR) plan. Whilst this cannot change the fact that data has been breached, a tested response plan enables you to deal with the fallout more efficiently.
For example, if you suffer downtime as a result of the data breach, what is your plan to get your business systems back up and running? Without access to your CRM, how are you going to meet your regulatory requirements by contacting your customers to inform them of the data breach?
The longer the downtime, the more revenue lost – and this includes new business, as well as your existing customers. In fact, at 36% of the total, lost business is the largest contributor to the cost of a data breach.
Companies with business continuity management in place reduced their overall cost by £216,000, whereas incident response planning saved as much as £925,000, according to IBM’s latest report.
This can be the difference between survival and failure, so if you’re yet to deploy a BCDR plan, it’s highly recommended that you start now.