Can we afford an investment in cybersecurity?
This is often a question pondered by organizations looking to invest in a cybersecurity program. Is it worth time, resources and investment to protect against a threat that may not ever occur? A cybersecurity investment is similar to any insurance policy investment. It is difficult to examine “what if” scenarios but oftentimes most rewarding. The better question to ask is, “can we afford a cyber incident?”
What is at Risk?
Cyber incident costs are shown across four areas – lost business, detection and response, notification, post incident clean up. For most organizations, the largest costs generally fall within the lost business category.
Fifty two percent of data breaches in the 2020 study were believed to be caused by financially motivated cybercriminals carrying out malicious attacks. Twenty three percent were caused by human error, and twenty five percent were caused by system malfunctions.
The most targeted country is the United States. The most commonly targeted sectors include healthcare, energy, financial, and pharmaceutical.
Associated Hard Costs
Eighty percent of data breaches in 2019 included customer PII. With an average cost of $150 per lost or stolen record, this factor alone could be devastating for a small business.
The average cost of a data breach for organizations with 250-500 employees is around $2.35 million. The smaller the organization, the higher average cost per employee and bigger the loss.
Remote work is expected to increase the cost of a potential data breach.
The cost consequences of a data breach can continue for years following the event. Analysis shows that costs were greatest in the first year after a breach, but tended to pick up again after two years.
Reduce the Cost of a Breach
Extensive testing of an incident response plan and business continuity management were shown to decrease the average cost of a breach by an average of $295,267.
Cyber insurance will most likely recover costs of consulting and legal services of recovery but most times may not cover costs of ransomware or extortion.
Security skills shortages is one of the leading factors contributing to increased data breach costs, while managed security services are associated with lower average data breach costs. A managed security services provider can help simplify security and risk with continuous monitoring and integrated solutions and services.
Source: IBM Cost of a Breach Report