If you are part of an IT steering or governance committee that’s evaluating cybersecurity from a cost-benefit angle and need a case study that sets a worst-case scenario for downside exposure, look no further than the Equifax settlement with the FTC in July 2019. In the settlement, Equifax agreed to pay from $575 million up to $700 million, along with other conditions, for the 2017 data breach that affected approximately 147 million people. The scale of that breach, and others like it, is staggering.
Granted, not all organizations are the size of Equifax, and it’s a given that the cost incurred per customer record breached can vary. Still, the cost is dear. The Ponemon Institute believes the average cost is $194 per record.
Using the Ponemon Institute number, you can quickly benchmark your exposure by merely multiplying $194 by the number of business records you have.
What Happens When You Get Hacked?
Hacking is an unauthorized intrusion into a computer or network. Below are a few of the tools and techniques involved:
- Vulnerability scanner: checks endpoints on a network for weaknesses
- Password cracking: brute force or more sophisticated methods of recovering stored passwords
- Packet sniffer: the capture of data packets transmitted over a network
- Keyloggers: tools that capture every keystroke from an affected machine for later retrieval
- Trojan horse: back door into an endpoint that allows future access
- Viruses: self-replicating programs that spread through executable files or documents
Once the hacker has penetrated the network, they can steal personally identifiable information (PII), payment card details, health records, or any other vital business data stored on the network.
What Does a Hack Cost You?
As the Equifax example above shows, a hack can cause tremendous damage to your business, including:
- Loss of Sales: loss of immediate sales as news of a breach spreads
- Damaged Brand and Reputation: the ongoing loss of customer trust in the brand, which hurts the business over the longer term
- Compensation Costs: the expense of trying to coax customers back with generous discounts or compensate them for losses
- Legal Action: a breach can lead to lawsuits or, in the case of more significant breaches, class action suits
- Fines: government-levied fines for a breach
- Government Audits: the FTC or another governing body reviews your policies and procedures
- Remediation Costs: costs to determine the root cause of a breach, identify and repair the gaps in your security posture and infrastructure, as well as any associated hiring or firing
Is Protection Expensive?
A simple ROI scenario can be created by comparing your total population of data records, at $194 each, against the cost of your cybersecurity package.
Smart organizations are looking beyond the legacy approach of merely installing antivirus software on every computer and device on the network, and are leveraging the power and efficiency of the cloud and big data to secure their vulnerable endpoints.
Endpoint security software by Carbon Black uses predictive analytics to advance endpoint protection against not just known threats but also unknown or emerging ones.
Compared to the financial, time, and emotional cost of being hacked, ensuring you have sufficient protection makes a lot of sense. If the Equifax example isn’t convincing, you can read about the carnage from the five biggest data hacks of 2019.