Page 145 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
IBM and Ponemon broke the average cost of a breach up into four broad categories – detection and
escalation (29 per cent), notification (6 per cent), post-breach response (27 per cent) and lost business
cost (38 per cent). Lost business costs include business disruption and revenue losses from system
downtime; the cost of lost customers; reputation losses; and diminished goodwill.
A 2019 Deloitte report determined that up to 90 per cent of the total costs in a cyberattack occur beneath
the surface – that the disruption to a business’ operations, as well as insurance premium increases, credit
rating impact, loss of customer relationships and brand devaluation are the real killers in the long run.
It can take time for the true impacts of a breach to reveal themselves. In 2021, the National Australia
Bank revealed it had paid $686,878 in compensation to customers as the result of a 2019 data breach,
which led to the personal account details of about 13,000 customers being uploaded to the dark web.
The costs included the reissuance of government identification documents, as well as subscriptions to
independent, enhanced fraud detection services for the affected customers. But the bank also had to hire
a team of cyber-intelligence experts to investigate the breach, the cost of which remains unknown.
The IBM and Ponemon report confirms that the costs of a data breach won’t all be felt straight away.
While the bulk of an average data breach’s cost (53 per cent) is incurred in the first year, another 31 per
cent is incurred in the second year, and the final 16 per cent is incurred more than two years after the
event.
And with the recent rise of double extortion – in which cyber criminals not only take control of a system
and demand payment for its return, but also threaten to leak the data they’ve stolen unless they receive
a separate payment – we’re likely to see data breaches exact a heavy toll for even longer time periods
moving forward.
How can you protect your data?
Data breaches are becoming costlier and more common, so it’s more important than ever to ensure your
data is protected.
Many businesses are turning to cyber insurance to protect themselves. Cyber insurance typically covers
costs related to the loss of data, as well as fines and penalties imposed by regulators, public relations
costs, and compensation to third parties for failure to protect their data.
But as breaches become a virtual inevitability and claims for catastrophic cyberattacks become more
common, insurers are getting cold feet. Premiums are skyrocketing, and insurers are limiting their
coverage, with some capping their coverage at about half of what they used to offer and others refusing
to offer cyber insurance policies altogether.
Regardless, cyber insurance is not a cyber security policy. Even the most favourable cyber insurance
policy doesn’t prevent breaches, but merely attempts to mitigate the impact after the horse has already
bolted.