Data is the DNA of any business or organization. And your data – whether it’s research and development, payroll information, client payment details, or any other mission-critical information – is up for grabs by cybercriminals who want nothing more than to sell stolen data on the dark web.
Cybercriminals will stop at nothing to break into your organization’s network and steal valuable information. When this happens, you pay a hefty price, not just in money but in reputation, too. The cost of a data breach typically includes out-of-pocket expenses to contain the breach, followed by more time and money spent restoring your company’s standing as a trustworthy organization. Your customers, patients, employees, and other stakeholders may well think twice before engaging with you after a large data breach.
According to the IBM-sponsored 2018 study “Cost of a Data Breach,” each lost or stolen record costs approximately $148, and the average total cost of a data breach is $3.86 million. Now consider how many personal records your systems hold: because the cost scales with the number of records exposed, a single breach can quickly become cost prohibitive.
For their survey, IBM calculated the cost of a data breach by looking at factors such as the direct and indirect expenses incurred by the organization.
“Direct expenses include engaging forensic experts, outsourcing hotline support, and providing free credit monitoring subscriptions and discounts for future products and services. Indirect costs include in-house investigations and communication…” reports IBM.
The complexity of security compliance:
In 2017, the world witnessed some of the largest cases of data breaches, ransomware and other cybercrimes to date:
- 143 million: the number of consumers affected by the Equifax breach.
- 3 billion: the number of people whose Yahoo email accounts were reportedly compromised. While these breaches occurred in 2013 and 2014, Yahoo! only disclosed the 3 billion number in October of 2017.
IBM counsels that every organization, large or small, should have programs in place to preserve customer trust. This will help reduce the degree of abnormal churn in the event of a breach.
“This year more organizations worldwide lost customers as a result of their data breaches. However, organizations with a senior-level leader, such as a chief privacy officer (CPO) or chief information security officer (CISO), directing initiatives to improve customer trust in the guardianship of their personal information reduce churn and, therefore, the cost of the breach.”
Many regulatory and industry frameworks, from HIPAA to PCI DSS and now GDPR, set requirements that protect both your organization and your clients and employees. While many businesses pay hefty sums to meet these requirements, experts report that many organizations are still not in compliance with recent mandates to adequately protect data and user privacy.
GDPR, the General Data Protection Regulation, became enforceable in May 2018 and serves as a single data protection law across all 28 EU member states. It imposes strict new rules on controlling and processing personal data, a broader category than the personally identifiable information (PII) familiar from U.S. regulations. However, a global survey reported by the Business Information Industry Association (BIIA) shows that most organizations worldwide are not in compliance with GDPR. Pymnts reported that “…20 percent of firms (surveyed) are fully compliant…but only 21 percent of firms in the U.K. and U.S. are in compliance.”
The confusing part for many organizations is that they often have to satisfy two or more of these regimes at the same time. This can be both time-consuming and expensive.
“What makes regulatory compliance so complex is that there is no ‘one-size-fits-all’,” writes IT Portal. “Each regulation has a different focus, with different rules aligned to its individual purpose, sometimes with conflicting requirements. For example, financial institutions must comply with anti-money laundering (AML) and fraud regulations involving strict controls on transaction reporting. Yet AML compliance must be in line with GDPR which focuses on the capture, using, securing and discarding of customer personal data.”
While it is far from ideal to have to comply with multiple regulations, it is important not to sweep compliance under the proverbial carpet. IT Portal notes that when a data leak occurs and is not publicly disclosed, the financial and reputational consequences can be severe.
“Downtime is disastrous for any business,” writes Network World. “It can’t take orders, customers are up in arms, and nothing can be shipped. Not only is there the cost of any punitive fines for regulatory breaches to consider, the data still has to be recovered and the threat that led to the incident must be mitigated.”
It is important to be vigilant in training and educating employees on the proper use of applications and data and helping to protect the security of their organization. Contact DiamondIT at 877-716-8324 to learn more about security training, assessment and implementation services to build out your lines of defense and prevent cybercrime.