Companies face huge costs when data is breached

1266
0

The financial costs of a data breach can be staggering, and if company executives don’t their risks they can be extremely vulnerable.

According to an article on cfo.com, there have been dozens of highly publicized data breaches in the past two years, including recent ones at Community Health Systems, Anthem, and Premera Blue Cross in the USA. Just from those three, hackers stole medical information and other data of 136 million Americans, some records dating back a decade.

The article says that Ponemon Research conducts annual studies on the cost of a data breach, which consistently hovers around $200 per record. But that number doesn’t include the hard-to-calculate costs like reputational repercussions, business distraction, class-action lawsuits, and regulatory fines.

Experian’s latest data breach industry forecast says that senior executives will be expected to have a better understanding of the data breach response plan, comprehension of new technologies and security protocols in the workplace and have a clearly-defined chain of response
should a breach occur.

“This often doesn’t exist today,” states the forecast report. It goes on to say that according to a recent survey by the Ponemon Institute, 17 percent of senior executives are currently not aware of whether or not their organization had suffered a data breach in the last year.

“Although there is heightened sensitivity or cyber attacks amongst business leaders, a majority of companies will miss the mark on the largest threat: employees.

“Between human error and malicious insiders, time has shown us the majority of data breaches originate inside company walls, says the report. Employees and negligence are the leading cause of security incidents but remain the least reported issue. According to industry research, this represented 59 percent of security incidents in the last year. In 2015, people-based breaches will continue to be the leading cause of compromises but will receive the least attention. Investments will favor new technologies capable of helping better prevent intrusions and the exfiltration of data from attackers.

“Currently only 54 percent of organizations report they conduct security awareness training for employees and other stakeholders who have access to sensitive or confidential personal information.”

Experian forecasts that in 2015 there will be an increase in breaches involving the loss of usernames, passwords and other information stored
in the cloud.

“We expect healthcare breaches will increase — both due to potential economic gain and digitization of records. Increased movement to electronic medical records (EMRs), and the introduction of wearable technologies introduced millions of individuals into the healthcare system, and, in return increased, the potential for data breaches.

“Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cyber criminals.

“Where previously IT departments were responsible for explaining security incidents, cyber attacks have expanded from a tech problem to a corporate-wide issue. With this shift, business leaders are being held directly accountable for data breaches. Executives at the highest levels are under scrutiny about security posture and their response to a breach from stakeholders, regulators and consumers.

“Recent mega breaches have showcased the significant pressure for management teams to brush up on their knowledge on data breach preparedness or face the threat of being ousted from the company.

“In 2015, scrutiny of corporate leadership’s management of security may continue to increase in the form of critical media coverage and legal and regulatory scrutiny in the wake of a major incident.

“We also expect to see more definitive action taken by boards to hold company leadership accountable.

Experian also says that technology advancements means the Internet of Things (IoT) is changing how people interact with everyday items.

“Growing in popularity as a way for businesses to measure data in new ways, the IoT allows us to gather and process valuable information from machines and other physical objects.”

It says as companies adopt more interconnected products and systems, the Internet of Things could usher in the next wave of large third party
breaches.

“Businesses looking to take advantage of data available from the IoT need to emphasize risk management and security with third party vendors that provide or have access to the same information.”