Historic Hacks: How Much Do Data Breaches Cost?
Throughout our series of Historic Hacks, we have often looked at the damages created by notorious hackers. From worms like Melissa to hackers like Gary McKinnon, we have hashed out the dirty deeds of these historic data breaches. However, we have yet to look closely at the aftermath of these digital messes. Today in our Historic Hacks series, we will ask the questions:
- How much do data breaches cost companies?
- And how do businesses clean up after a hacker has infiltrated their systems?
See below for the answers to these important questions:
Data breaches, not small change
According to an infographic released by Forbes, data breaches cost companies an average of $3.86 million. The infographic also includes a small disclaimer stating that for large-scale companies, data breaches can cost up to hundreds of millions of dollars.
In July 2018, IBM published a report after analyzing data gathered from 2,200 data security professionals and 447 companies that had experienced a data breach in the last year. The report found that data breaches are continuing to grow in occurrence and cost businesses more and more money each year.
On average, each stolen record costs a business $148, and the chance of retrieving stolen information is only 27.9%. IBM reports that it takes companies approximately 197 days to identify a breach and another 69 days to clean up and contain the aftermath. The average cost of a data breach was higher in the US than in any other country, totaling $7.91 million.
Clean up and recovery
According to Exabeam chief security strategist Steve Moore, “A data breach itself is the second worst possible event which can occur in an organization; the mismanagement of the communication about the response is the worst.” A company’s response to a data breach is crucial, especially in the early hours of the discovery.
Businesses must freeze everything, even if it hinders progress, to properly diagnose the extent of the breach and to prevent intruders from returning. Logs and audits must be analyzed, and all passwords, credentials, and access logins must be changed immediately. After determining the impact, it is important that companies find out exactly how the data was accessed and stolen.
Next is the planning stage, which requires all necessary personnel, both internal and external, to be involved and to thoroughly understand each action point. It is also important that a public relations plan take shape to reassure the public that a company is taking all necessary steps to retrieve any missing data while also preventing further damages.
The best way to protect a company or organization from a data breach is to have a secure plan of action in the event a breach does occur. It is nearly impossible to secure every single access point in a company, so it is imperative that a business knows exactly how to respond when the eventual day comes. While a disaster plan sounds grim, it is a step towards data recovery and more secure systems.