Cloud computing, mobile devices and the Internet of Things (IoT) have spurred organizations to generate unprecedented amounts of data. Cyber criminals have taken notice, as evidenced by the series of high-profile data breaches experienced by industry giants such as Target, Home Depot and Sony. If your company wasn’t impacted by an online security breach, consider yourself lucky, but not immune. As HOSTING’s Tricia Pattee and Sean Bruton discussed in their recent webinar, Scary Facts About Online Security You Need to Know, it’s no longer a matter of “if” a company will experience a data breach; it’s “when.” So take 30 minutes to listen to Tricia and Sean’s on-demand webinar. In the meantime, we’ve listed some of their scary facts below.
41% of data breaches result from malicious or criminal attacks
A data breach is an event in which a person’s name, plus a medical record or financial record including debit or credit card information, is potentially put at risk, either in paper or online form. Malicious or criminal attacks, such as the one experienced by Target, are the most common cause of a data breach, followed by those resulting from human error.
Root causes of data breaches
- Malicious or criminal attacks – 41%
- Human error involving a negligent employee or contractor – 30%
- System glitches resulting from an IT or business process failure – 29%
Web-based applications experience an average of 4,250 individual attacks per year
No, that’s not a typo. If you have an application online, you can assume that it is being attacked on a regular basis through automated activities. These automated programs scan your application for any type of vulnerability that can get them into your system, such as a neglected patch. (Incidentally, a neglected patch on a single server is assumed to be the cause of JPMorgan Chase’s massive data breach.)
Targeted attacks on web-based applications occur an average of twice a month. These occur when an individual or group of individuals specifically targets an application after they’ve identified a vulnerability in it.
The average cost incurred by American companies after a data breach is $5.8 million
Without the appropriate online security measures in place, a company incurs millions of dollars in remediation costs. For companies that experience a data breach involving 100,000 records or fewer, the total remediation costs can climb to nearly $6 million. Following is a breakdown of costs.
- Incident management, including the investigation of the breach, crisis team management, detection costs – $417,000
- Breach notification costs – $509,237
- Post breach remediation, including help desk activities, product discounts, identity theft protection and regulatory activities – $1,599,966
- Lost business costs, including injury to reputation and loss of business – $3,324,959
And if those seem like big numbers, check out the ones incurred by Target during its 2013 data breach:
- 100 million records impacted
- $88 million in post-breach costs
Healthcare has the highest per capita costs following a data breach
Regulated industries such as healthcare and financial services have the highest per capita costs following a data breach. Not surprisingly, healthcare tops the list with the most expensive cost per record ($359), with financial services coming in fourth at $206 per record. With the average company data breach impacting 30,000 records, a healthcare organization can expect to lose more than $10 million from a breach, while a financial services company could lose more than $6 million.
Why is healthcare data so costly? In his recent blog, Safeguarding Your Protected Health Information, HOSTING CISO Johan Hybinette explains that stolen PHI can take months to discover, giving thieves plenty of time to exploit it by submitting fraudulent medical claims or selling it on the black market.
DIY security solutions can be cost-prohibitive for many organizations
Online security is a top priority for CIOs in 2015. However, many of them are concerned about the cost and complexity involved in putting the technology and human capital in place. The average cost of investing in a full-time (40 hours per week) security analyst and the necessary threat management technology is approximately $280,000 over three years. For companies that require 24 x 7 x 365 security protection, the cost climbs to $1.3 million for a five-person team.
Online security breaches are scary; preventing them doesn’t have to be. Listen to our webinar for more information on how the HOSTING Threat Management Solution helps organizations create and maintain a strong security posture. Have questions about online security? Call us anytime to discuss your specific needs with a HOSTING security expert.