“A lot of people have been caught short, not just from an organisational perspective, but also from an individual perspective — users being targeted because of the confusion and uncertainty caused by Covid-19.”
Where in the world is the cost of a data breach highest?
To determine the average cost of a data breach, researchers from the Ponemon Institute conducted in-depth interviews with individuals at organisations targeted by an attack between August 2019 and April 2020. In total, 524 companies in 17 countries, across 17 industry sectors, took part.
While the global average cost is $3.8m, there are seven countries and regions where the figure is higher — with the United States topping the list:
Industries hit hardest by the cost of data breaches
Healthcare is hit with the highest costs according to the study, although the cost of a data breach is above average in eight other industries:
What kind of costs do businesses face?
While businesses may have to pay a large ransom if information is stolen, the cost of a data breach can run much deeper.
Orton says: “When we talk to our customers the biggest concern for them isn’t extortion through things like ransomware attacks; they’re quite used to those because they’ve been around for a while.
“It’s more the less tangible and harder to quantify cost the existential threat of losing customers. For example, an outage that causes an e-commerce site to be down for several days is not always a disruption they can survive because the market is extremely competitive and customers will go elsewhere because they expect a certain level of service.
“Factories are another great example. If they have to manufacture ten thousand units to hit targets and get them to their suppliers, there’s a whole supply chain that’s based on that infrastructure working and a business can’t afford to say ‘oh, sorry, we’ll just work this out in two days and we’ll get back to you’.
“The upfront costs are just the tip of the iceberg.”
How to minimise the cost of a data breach
Orton says steps can be taken in an attempt to minimise the cost of a data breach.
“If you’re at that point executing a disaster recovery plan, I think all the things about good communication and being transparent with your stakeholders become really important,” she says.
“There’s a huge amount of footprint that an attacker will have across all your systems, and I think one thing that we’ve seen is that you want to have a security approach that spans all corners of the digital infrastructure.
“Today that doesn’t just mean tables and routers in an office building, it means your email system, Teams, Zoom and Dropbox. You have to be across it all because if you only do some parts the criminals are going to find your blind spots.”