I am just back from a whirlwind tour of India, China and Japan and one topic seemed to dominate every conversation – Cyber Security!
If I were to summarise the points that were raised by all of our colleagues, partners and clients in our many conversations:
- Security breaches are a wake-up call for many organizations
- Usually they do not update their cyber security infrastructure and keep rolling the dice waiting to be hit
- Instead of waiting, organizations must initiate a mechanism of threat sharing
- Cyber threats must be immediately shared so that appropriate security measures can be taken in time
- The stigma of being attacked must be removed
- Government must step up and set best practices for cyber security
- We can’t solve this problem with technology alone
- Essentially it’s a human problem
- Almost all of the attacks we see are a result of human error
- We all need to become better cyber citizens
When I returned from this exhausting but exhilarating trip, I was reading the data from the 11th annual Cost of Data Breach Study (sponsored by IBM), which is recognised as being the industry’s gold-standard benchmark research, independently conducted by Ponemon Institute.
In 2016 alone we have seen breaches at Centene Corporation, the FBI, Seagate, Verizon, the IRS, and LinkedIn, to name a few.
This year’s study found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million.
Over a 10-month period, Ponemon Institute researchers interviewed IT, compliance and information security practitioners representing 383 organizations in 12 countries: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (a consolidation of organizations in the United Arab Emirates and Saudi Arabia), Canada and, for the first time, South Africa.
While the amounts of money mentioned are staggering and could easily wipe out most businesses, there is another cost that many people may not take into account.
When a company suffers a data breach, besides losing money they will also suffer huge reputational damage – unfortunately, when a company is breached, customers and stakeholders see this as a big weakness. Was the company careless, were they not operating proper controls, are they to be trusted?
Often people don’t blame the hackers (the thieves) for the breach but they will point a big accusing finger at the organization for being so “careless” – it’s your fault!!
This long-term damage could turn out to be much more detrimental than the initial financial loss.
Based on the feedback from my “tour” it looks like in too many cases the cyber penny has yet to drop!
John McGlinchey
John McGlinchey is the Senior Vice President of Global Business Development & Products for CompTIA