How to Protect Your Bottom Line from Data Breaches in 2020

Whether your company is a small, medium or large enterprise, a data breach could end up costing you customer trust, time, and a lot of money. 

IBM’s 17th Annual Cost of a Data Breach Report was released for 2020. It found that, in general, data breaches are taking longer to contain and that malicious attacks, the most common cause of a data breach, are also the most expensive.

How much could all of this cost you and how can you protect your bottom line from data breaches in 2020?

How to Protect Your Bottom Line from Data Breaches

How much can a data breach cost your company?

The estimates in IBM’s report are based on interviews with over 500 companies around the world that experienced a data breach between July 2018 and April 2019.

The analysis consulted businesses across a wide range of industries and accounts for a variety of factors, such as legal and regulatory considerations, technical requirements, brand equity, customer turnover, and employee productivity.

On average, a data breach in 2019 cost Canadian companies $4.44 million CAD. This was a slight decline from 2018, which reported $4.74 million in data breach losses, but it still ranks higher than the global average of $3.92 million.

The average breach consisted of 23,071 records, which amounted to a cost of $187 per lost record. The total time for identifying and containing the breach averaged 241 days, and the most affected industry was finance.

Several key findings emerged from the report, including evidence of extended long-term effects. They called this a “long tail” where the financial effects can still be felt for years following an incident. 

Also, the lifecycle, or the time from when the data breach occurred to when it was contained, grew significantly between 2018 and 2019.

Data breaches that take more than 200 days to contain cost a business upwards of 37% more than data breaches contained within 200 days. 

What affected companies the most was the loss of customer trust. This affects smaller businesses far more profoundly than larger businesses because they typically do not have the safeguards in place to keep their business running while the attack is being managed.

IBM’s report found that small businesses were disproportionally affected by these breaches. For example, large corporations (with over 25,000 employees) lost an average of $5.11 million, which equated to $204 per employee. It cost smaller organizations, those with 500 – 1,000 employees, an average of $2.65 million, which equated to a whopping $3,544 per employee.

What are the root causes?

There are two main root causes associated with data breaches: internal and external breaches. 

Data breaches are most commonly caused by malicious attacks (51% of the time), which means that a breach is forced through either an insider threat or a criminal hacker. These types of breaches differ from those that were the result of human error (24% of the time) or glitches in a system network (25% of the time).

The per-record cost differs slightly for each of these three root causes, but it generally ranges from $132 (for system glitch and human error) to $166 (for malicious attacks).

The main cost components

There are four main components that lead to costs for data breaches: detection and escalation, notification, post-data-breach response, and lost business.

There is a seemingly endless list of reasons why hackers are interested in accessing large amounts of personalized data. And consumers know this. Since the dawn of the hacker-era and the monetary threats that are possible through online networks, people have learned that threat detection and data security are becoming increasingly important. 

Once a breach has occurred, consumers are going to feel less confident that your company can protect its data. 

Securing your company’s systems and resuming work after a breach is costly. Things like system shutdown, new customer acquisition, and revenue loss all lead to large deficits.

According to the 2019 IBM report, it took an average of 241 days for Canadian companies to identify and contain a breach. Couple this with the fact that breaches that are not contained within the first 200 days end up costing 37% more than those contained under 200 days, and you can easily see how these losses begin to pile up. 

How can you protect your bottom line?

There are definite processes that your company can implement to improve threat detection, guard against insider threats, and better protect itself against potential data security breaches.

Steve Bernstein, Executive Director of Treasury Services at J.P. Morgan, recommends five proactive moves for companies concerned about future threats. These include being prepared to isolate a network branch or shut down a network that is involved in, or suspected to be compromised by, a breach; reaching out to legal aid that specializes in these types of concerns; and training your employees.

Cloud migration, IT complexity, and third-party breaches consistently drove the cost of a data breach up significantly. This is most likely because systems have not yet been vetted to account for the larger number of variables, and the more unusual ones, that arise when more technologies and personnel are involved.

IBM also found that of the 26 cost factors studied, investing in data loss prevention, threat intelligence sharing, encryption, and integrating security into the software development process (DevSecOps) contributed to lower overall costs of data breaches. 

Using encryption could reduce the cost of a data breach by $360,000, and management continuity could also lower the cost by $280,000 on average.

Above all, having an incident response (IR) team and a tested IR plan saved an average of $1.23 million compared to those who didn’t have a plan or team in place. Having a dedicated IR team can equate to a lot of money in proactive spending, but this is one of the strongest insurance plans that your company can invest in. A dedicated team will be prepared for a wide range of data breaches and will be able to mitigate and contain them more quickly.

They can also implement automated processes as a part of security systems. According to the IBM report, “…artificial intelligence, machine learning, analytics, and automated incident response orchestration – saw significantly lower costs after experiencing a data breach.” Data breach costs for companies without automated security measures in place were significantly higher – at least 95% higher. Companies without automation ended up spending an average of $5.16 million as opposed to $2.65 million, generally across industries, globally.

Luckily, there are still concrete ways a company can safeguard against many of the variables that lead to financial losses in data breaches. Investing in network monitoring software and computer monitoring software will allow you to better track network and employee activity and protect your files and servers against data breaches caused by human error, insider threats, and/or malicious external attacks.

By SoftActivity Team

January 27th, 2020