The True Cost of Data Breaches
Matthew Rosenquist
CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers
It is a Data Breach World! 2015 was a banner year for the loss of sensitive records. Over 700 million records were exposed, with government and healthcare organizations representing the biggest victims. Wrapping our minds around the loss and subsequent costs is beyond difficult. With 80 thousand records lost every hour, a stream of never-ending headlines, executives stepping down, and a steady increase in the grumblings of consumer opinion, how can we quantify the risk picture? Some models exist that attempt to pin down a cost-per-record by averaging widely varying extremes across an ever-changing spectrum of damages, but the results are often less than comprehensive or accurate when applied predictively. Answers to the question of costs and impacts are increasingly needed by executives who are trying to manage the risks. What are the factors?
When an organization suffers a data breach, a number of challenges, cascading effects, and business decisions contribute to the total of all the associated costs. The scope extends beyond a fixed dollar-per-stolen-record calculation, as it invariably includes expenditures for new security measures, legal fees, third-party forensic services, changes to business processes, as well as a loss of reputation and customer goodwill. There is a complex set of chain reactions which occur after every significant data breach, each adding its own contribution to the overall cost and business impact.
I had the pleasure of speaking on the topic at the 2016 iSMG Fraud and Data Breach Summit in San Francisco. I briefly covered the range of impacts, popular cost models, detailed the different cost aspects, provided recommendations, and even touched on where the attackers will be taking data breaches in the future. Ultimately, we must conclude the actual cost of data breaches is more complex than the common perception. A better understanding of the costs and risks-of-loss provides valuable insights to organizations seeking to determine their desired path and achieve their optimal level of security.
The presentation slides are available on Slideshare.net. Interested in more? Follow me on Twitter (@Matt_Rosenquist) to hear insights and what is going on in cybersecurity.
Senior Associate IT Security Management Power automate enthusiast and successful creator of automated flows improving efficiency and productivity
8 years ago
Very nice presentation. I liked that you added the cost to the brand integrity as well as just the monetary. Companies forget: how can you put a price on the trust of the public? Once that goes, it is hard to get it back. Security has, I think, always been looked at as something that halts progress and just generally gets in the way of work and innovation and does not make money for the company, but that's not accurate. While it may not directly create a profit for a company, it does maintain it and indeed help it grow. By creating trust and a safe environment for internet activities, people will trust and keep going back to that site. I think security should be seen not as brakes, as I have seen suggested, but rather like a seatbelt: it keeps you safe while you are moving forward, and that is really what it does. You should not even want to release something to the public without first making sure it's as safe as you can make it. If software and sites are developed with "how can I keep people who use this safe", then security is now established as part of the creative process and not an annoying afterthought!
Owner, Keen Logic Consulting / Real Estate Investor / Commercial Remote Drone Pilot
8 years ago
Excellent presentation and article, Matthew