Data breaches have been the talk of the town in the privacy world for decades. The apparent lax attitude of some companies and organisations appears to have resulted in data breach costs soaring.
The 2016 Cost of Data Breach Study, undertaken by Ponemon and IBM, found that the average total cost of a data breach increased from £2.37 million in 2014 to £2.53 million in 2015.
And we can only see it growing and growing…
Financial risks for small to medium-sized companies
Though the figures revealed in the study may seem small for large companies and organisations, a data breach cost of that amount could severely damage small to medium-sized companies. There is a huge risk for small to medium-sized companies; many of them may not have adequate cyber-security measures in place as they don’t have sufficient means or experience.
Locate the threat
There are other reasons as to why data breaches are quickly becoming a big concern. One of the first steps companies should take is to find where the threat is coming from. This isn’t always easy.
Third party data breaches
A large percentage of data breaches are traced back to third parties, i.e. cyber-hackers. In the U.S., it’s estimated that around 63% of data breaches are traced back to a third party. The same could be relevant in the U.K. too.
Some of the largest data breaches in recent years have been a result of third party intrusions: Yahoo, Three, Wonga, etc. The growing concern for this type of breach is that it can be very difficult to defend against, as companies and organisations are working against unknown forces without any knowledge of when they’ll strike. The issue is exacerbated by the fact that many companies rely on third parties, or have a connection with third parties, that can increase vulnerability, like the NHS outsourcing patient record storage.
In addition, cyber-hackers are continually developing their malicious software. If they can get around the latest security measures, they’ve potentially got an open door…
How can data be fully secured?
The question posed then is: “How can companies fully secure their data against cyber-hacks of these types?”
There are a lot of recommendations and advice from experts… It’s clear that companies must change the way they view security. Where multiple parties are involved in the handling of data, there must be a collaborative effort between them to ensure data is handled securely and stored safely. This can close gaps in data protection.
Companies must also update their existing cyber-security measures periodically. If companies fail to do this, cyber-hackers may already have access via known vulnerabilities, and old software will usually get to a point where developers stop releasing security patches. After this point, vulnerabilities may well be permanent.
It’s worth remembering that cyber-hackers are resourceful individuals who utilise information to infiltrate systems time and time again. Companies must also make it harder, if not impossible, for cyber-hackers to obtain private data through known vulnerabilities.
Even if the third party is responsible for the data breach, the company (the data controller) that holds the private data of its customers/clients can still be responsible for fixing it, and for paying out damages claims.
More than financial losses
Data breaches are more than just a financial blow for a company; a data breach can also seriously impact consumer confidence, thus leading to loss of business. According to an Inc. analysis of a Cisco survey, over 50% of companies face public backlash after a security breach. Of the companies that suffered a breach, 22% reportedly lost customers. As such, you can see that data breaches are costly in both ways.