Cybersecurity – Worth the Investment?

Cybersecurity – Worth the Investment?

Lots of companies are very attentive to the safety of their physical assets. Things like people, specialized equipment, and products are often kept properly trained, secured, and protected. But when it comes to digital assets, many business leaders have a bad habit of glazing over the subject because it’s a rather abstract resource; albeit one whose absence can cripple a company just as equally as any other type of property.

Given all the news we see about data breaches and cybersecurity on a weekly basis, two major questions emerge. Just how worried should we be about a data breach? And how much can one really cost the average company were it to occur?

What’ll it Cost?

The financial impact a hack could have on a company is a difficult thing to quantify – much like how a burglar would get away with different sized hauls in different neighborhoods. Some people have a lot of gold in their mattresses and like to leave their doors unlocked, others have beloved family pit bulls. So, it varies.

There are a couple of solid facts to consider, though. Experts with IBM have quantified the average cost of a data breach as being the highest in U.S. versus anywhere else in the world. Also, it takes an average of 197 days to discover a breach has happened, and typically an additional 69 days to shore up the breach. In that time, depending on the scale of your business operations, your company could lose anywhere from hundreds of thousands to millions of dollars.

A hack can cost about $148 per data record stolen. (IBM)

IBM’s research suggested that a hack can cost about $148 per data record stolen – but it’s important to remember that thousands of data records can be stolen in seconds. Globally, the total impact of a hack on a company averages out to be over $3.8 million. In the U.S. though, that figure is much higher. An average 2018 data breach in the U.S. costs an average of over $7.9 million.

Larger companies may incur more damages, while smaller ones may see less. But, relatively speaking, it’s a sucker punch to the throat for any business in the end.

What’re the Odds?

When we began looking into statistics about the likelihood of an average company becoming a victim of a hack, we were confident in our mindset that the sheer number of businesses throughout the world would be enough to insulate us from threat. A heard-mentally, if you will. There are much larger firms out there than ours, surely?

Well, we were totally wrong. Nine of ten businesses will experience at least one hacking incident in a given year, according to data gathered by the Hartford Steam Boiler Inspection and Insurance Company (HSB), a Connecticut-based firm that surveyed over a hundred risk managers. Their survey sample came from small, medium, and large sized companies across a whole range of different industries.

“U.S. businesses are under constant assault,” said Eric Cernak, cyber practice leader with HSB.

Hacks are a daily activity in the modern business world, and they’re only growing. The FBI’s cybercrimes division reports that more than 4,000 ransomware attacks (a type of attack where your digital property is basically held hostage) take place on a daily basis. Also, well over 30,000 websites are hacked each day, according to Sophos, an English, software, antivirus, and encryption firm.

As of January of this year, roughly 14 million U.S. businesses had been breached, in one form or another. Interestingly, human errors are a big part of the problem here. Employees should be trained in basic security practices (PhishMe). For example, over 90 percent of attacks begin when a person clicks something from a fake email. This innocuous little action can give an invader all of the information they need to get into the rest of your systems, and hackers are getting really talented at making fake emails look authentic.

It also turns out that most people are terrible at coming up with strong passwords, and companies overwhelmingly fail to backup their data, in general. All of which can be easily remedied if people took a few additional precautions.

Time for Better Defenses

In any case, companies both large and small need to understand the impact a hack can have on their bottom line. Breaches can, in fact, be the end of a company. All we need to do, even though it sounds basic, is to start protecting our digital properties with the same zeal we protect our real-world ones. Enhanced security could mean the difference between success and failure for many, just like personal protective gear is no-brainer for anyone involved in a hazardous occupation. It can be the difference between a near miss and a tragedy.

 


High-Profile Hoosier Hacks

  • January 2018 – Hancock Health in Greenfield was forced to pay a $50,000 ransom to hackers who held patient data hostage. Attackers were able to get access to the data via a vendor’s account.
  • March 2017 – The Indiana Department of Education was among 144 universities and numerous businesses, government entities, and others targeted by Iranian cyberattackers. The stolen information, including academic research in technology, medicine, and other sciences, was valued at $3.4 billion.
  • February 2015 – Anthem made history when 78.8 million of its customers were hacked. It was the largest health care breach ever.

Sources: IndyStar, Scientific American


 

Category Bottom Line, Features