Page 34 - Cyber Warnings
P. 34
Detection and escalation costs are at a record high. These costs include forensic
and investigative activities, assessment and audit services, crisis team management,
and communications to executive management and board of directors. Average
detection and escalation costs increased dramatically from $0.61 million to $0.73 million,
suggesting that companies are investing more heavily in these activities.
Notification costs increased slightly. Such costs typically include IT activities
associated with the creation of contact databases, determination of all regulatory
requirements, engagement of outside experts, postal expenditures, secondary mail
contacts or email bounce-backs and inbound communication set-up. This year’s average
notification costs increased slightly from $0.56 million in 2015 to $0.59 million in the
present year.
Post data breach costs increased. Such costs typically include help desk activities,
inbound communications, special investigative activities, remediation activities, legal
expenditures, product discounts, identity protection services and regulatory
interventions. These costs increased from $1.64 million in 2015 to $1.72 million in this
year’s study.
Lost business costs increased. Such costs include the abnormal turnover of
customers, increased customer acquisition activities, reputation losses and diminished
goodwill. The current year’s cost of $3.97 million represents an increase from $3.72
million in 2015. The highest level of lost business cost was $4.59 million in 2009.
Companies continue to spend more on indirect costs than direct costs. Indirect
costs include the time employees spend on data breach notification efforts or
investigations of the incident. Direct costs refer to what companies spend to minimize
the consequences of a data breach and to assist victims. These costs include engaging
forensic experts to help investigate the data breach, hiring a law firm and offering victims
identity protection services. This year the indirect costs were $145 and direct costs were
$76.
The bottom line is this: Breaches are EXTREMELY costly and may put your organization out of
business and you, out of a job. Isn’t it time to take an Offensive approach to cyber security?
Aren’t you tired of reading about breaches in the news, wondering if your organization will be
next?
Are Insider Threats Really That Serious?
According to the Insider Threat Report of 2016, by Crowd Research Partners, Seventy-four
percent of organizations feel vulnerable to insider threats - a dramatic seven percentage point
increase over last year’s survey.
Even though only 42 percent of companies feel they have appropriate controls to prevent an
insider attack, only three percent of companies feel they are not at all vulnerable to an insider
attack.
34 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide