Bringing to the Fore – Costs Associated with a Cyber Breach

Einstein famously defined insanity as “doing the same thing over and over again and expecting different results.”

We may relate this saying with redundant and repeated function/process that companies continue to follow including archaic security strategies while data breaches. There are cases guiding IT security strategists to take a close re-look and close any security loop. But most of them just stay put, with failed efforts and unconvinced non tech decision makers.

Insane, it is!

Ponemon Cost of Data Breach Study’s researchers interviewed IT, compliance and information security practitioners, states that in 2016 the average consolidated total cost of a data breach grew from $3.8 million to $4 million. The global study reports that average cost incurred for each lost or stolen record containing sensitive and confidential information has increased from $154 to $158. These numbers are going up despite breakthrough technology in place to discourage data breached and cyber-crime.

Businesses today need to take note of damage that can be caused in terms of cost implications once a breach has happened. There are various components of managing the aftermath of a breach, some costs are extremely difficult to quantify, such as the cost of loss of brand image.
Here we break the various cost components of a data breach or cyber breach:

1. Preliminary Breach Management Cost – The moment a breach is reported, a heads-up is rolled into the system to place preliminary checks, close possible loops and run an audit. This could accompany a temporary stalling of operations and more focus on dealing with breach victims’ enquiries.
2. Cost of Corrective Measures – Once the loops have been closed, the aspect to correct the system gets into the picture. This includes bringing primary as well as auxiliary technology in to the IT Systems, getting completely insured (with clauses that might have been missed earlier). Additional measures include examination of data, records through penetration testing and vulnerability assessment.
3. Rebuilding the lost Brand Image – This exercise begins the moment a breach is reported. It starts with notifying the affected parties, making provisions to restore faith of victims, existing customers and potential customers. Investment in new program and promotional campaigns to communicate a business’ responsibility towards data protection becomes imperative, and a lot of cost is involved in this exercise.
4. Halt in the Revenue Stream – While a considerable amount is being spent in restoring brand image, there could be a damage reported in terms of sales. Investment and stock market performance can also be dented. Business partners and investors might also adopt a wait and watch approach till they restore faith.
5. Liability of future transactions – This could be perpetual in nature. The cost of the card or information replacement, fraudulent transaction and extending credit monitoring services to the affected. and present fraudulent transactions.
6. Legal Cost and Penalties – In case a regulation is not complied with the penalty extended to a business can be huge. Legal cost is also included along with cost related to prosecution, settlement of lawsuit, fixing legal aspects, investigation related expenses and so on.
7. IT Strategy and Upgrades – The indirect cost of upgrading security policies, putting access and identity related protocol in place needs to be attended to. Furthermore, a breached organization needs to bring business specific aspect into the IT Systems for a robust, agile and secure IT ecosystem.

Smart IT Security Strategy and IT Architecture can businesses to achieve a highly secure and safe IT systems. Technology landscape within enterprise should be up-to-date and is possible a notch up. Better monitoring and testing service can bring down possibility of costly cyber breaches.