What can make a grown CISO quiver in his/her boots? The gathering of ominous, dark clouds of the dreaded security breach is rapidly sending businesses for cover! Many recently reported cyber attacks have caused significant downtime, not to mention long-term reputational and financial damage. The rehabilitation process is more significant than you might imagine (see here, here and here).
Such attacks involve both direct and indirect damages to any firm. Whether you’re an SMB or a large-scale conglomerate, the recovery process often demands outsourced expertise at a hefty cost.
It is not an easy task to estimate the total loss of any enterprise that has been the victim of a security breach. A key reason for this is that businesses often refrain from sharing or airing such details in public. According to a report from Kaspersky Lab [PDF], on average, the victimized company spends $551,000 on recovery from a cyber security breach. Moreover, SMBs usually pay $38,000 to recover from direct damages only.
Additionally, the cost of indirect damages is reckoned to be $69,000 and $8,000 for a small and medium-sized business. According to the report, the percentage of enterprises that detail their security breach is 90%, out of which 46% lost sensitive data, leading to business downtime.
Here are some data points from Kaspersky for CISOs to keep in mind when estimating the true cost of a security breach.
The three biggest consequences of a security breach
Loss of sensitive and critical data access: The targeted company is at risk of losing access to its sensitive data. This causes it to pay the ransom amount in a bid to recover its crucial data.
A question of reputation: For any business, market standing and reputation are key factors for business success. In the case of any security breach, the damage to the victim’s reputation can have staggering consequences.
Loss of current business opportunities: As the company strives to roll back its IT to the pre-attack data point, it is more likely to lose potential deals and some existing business during the recovery period.
The three highly distressing security breaches
External security breach: This type of security breach involves third-party and defense failures that lead to intrusion into a company’s systems and data loss. Actors in this case may have various intents.
Internal security breach: An internal security breach occurs when any of the company’s employees acts maliciously or fraudulently; either can result in considerable damage or the removal of sensitive data from the company’s systems.
Cyber espionage: This approach can be internal, external or a combination of both. The sole purpose is to get access to sensitive commercial or government data. Actors in this case are often hacker groups sponsored by rival companies or by states.
Average cost of a security breach by type
Failure of third-party suppliers: In such cases, companies tend to spend $3,289,864.
Fraud by employees can cost companies $1,303,827.
Cyber-espionage costs companies $1,141,305.
Network intrusion/hacking costs the targeted companies $1,104,962.
The takeaway: be prepared!
The increasing risk of security breaches for any business has become the top concern of the business fraternity. Most companies are waking up to the fact that while implementing security will cost them, the cost of a security breach could be devastating.
Remember, it’s not just the cost of the downtime, legal fees, or even customer reparations. The true cost of a security breach could be your job and your company.
This quote from Ben Cabrera, network supervisor for Stater Bros. Markets, sums up the situation nicely: “We have to do everything we can to protect ourselves. All it would take is one breach and 80 years of success would be gone.”
This article was originally published on CyberSecBuzz