By John Hines, Head of Cybersecurity, Asia-Pacific, Verizon
There was a time, when data security was chiefly only a concern for IT. Hacks and breaches were problems for them to identify and deal with, while the rest of the business went along its merry way.
Those days are officially over. Organizations are more connected, less isolated, and more dependent on data as compared to before. This has resulted in more data in more places, with more opportunities for a breach due to accidental exposure, internal malicious data theft, and external attacks. We at Verizon examined 53,000 incidents and 2,216 confirmed data breaches as part of our 2018 Data Breach Investigations Report.
Meanwhile, data breaches have graduated from minor irritants to a full-blown existential risk for organizations and careers alike. Here’s just a few of the ways a data breach impacts your entire business, not just your IT department.
Stalled operations
Your people and your business rely on data to work. Ransomware has doubled year over year once again. So, what happens when your data gets locked up in a ransomware attack? Most likely, work grinds to a halt as employees lose access to important files or even their laptops for hours or days. Imagine the chaos that would take place if your business took a sudden, unplanned break in operations. As per a recent Frost and Sullivan study, large firms in India on an average had a loss of $10.3 million, whereas mid-sized enterprises suffered losses of $11,000 to cyberattacks.
Of course, you don’t have to imagine. Just ask FedEx. The organization reported a $300 million loss in its 2017 Q1 report due to the Petya ransomware virus attack. The attack froze computers at their Dutch subsidiary, encrypting files and threatening to delete them unless a ransom was paid—and then sometimes deleting the data even if the ransom was paid anyway. The attack significantly impacted delivery volume, which led to reduced revenue and profit for the quarter.
Tarnished brand value
Even once your systems are back to full speed, the damage to your brand can linger for months or years. Equifax’s reputation was damaged almost overnight as a result of their data breach and mismanagement in helping affected consumers. As a result, the organization suffered a 33-point 10-day drop in their brand score as measured by YouGov Brand Index, the second largest drop in brand value on record. This loss of brand value can lead to lost market share as burned customers ditch your brand for more secure competitors (or if not more secure, at least not on the front page).
Lost focus
Recovering from a breach can be a full-time job. In a study of post-breach impacts of cyberattacks, the remediation process took 23 per cent of respondents up to three months to fully remediate breaches. A stunning 38 per cent took three months or longer to fully remediate their breaches. Together, that’s more than half of all organizations taking months more of their time, energy, executive focus and budget to handle the security fix, remediation, lawsuits and fines.
Damaged careers
According to that same study, remediation costs can run as low as $1,000 to more than $100 million, depending on the type and severity of the attack. While a cyberattack is unlikely to put a large enterprise out of business, it can certainly put their leaders out of a job. CEOs at Equifax, FACC, Sony and Target were all removed due to data breaches at their organizations, while countless CIOs, IT security managers, finance directors, board members, and employees responsible for breaches have lost their jobs due to preventable attacks that took place on their watch.
The business imperative for risk scoring
Cybersecurity is not just an IT issue any more. Because of that, cybersecurity needs to be put in a framework that businesses can take action against and that’s why companies need to understand their risk profiles. That’s where risk scoring comes in. By using a systematic process to identify and define your current level of risk, you can then prioritize the initiatives and resources needed to improve your score and become more secure.
With all your security investments, it’s easy to be overconfident that you’re protected. However, it takes just one breach to cost your organization millions and your job. With risk scoring, you can easily understand where your organization stands in an ever-changing threat environment on a daily basis, giving you need to best allocate your budget, time, and resources.