Page 145 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

IBM and Ponemon broke the average cost of a breach up into four broad categories – detection and
            escalation (29 per cent), notification (6 per cent), post-breach response (27 per cent) and lost business
            cost (38 per cent). Lost business costs include business disruption and revenue losses from system
            downtime; the cost of lost customers; reputation losses; and diminished goodwill.


            A 2019 Deloitte report determined that up to 90 per cent of the total costs in a cyberattack occur beneath
            the surface – that the disruption to a business’ operations, as well as insurance premium increases, credit
            rating impact, loss of customer relationships and brand devaluation are the real killers in the long run.

            It can take time for the true impacts of a breach to reveal themselves. In 2021, the National Australia
            Bank revealed it had paid $686,878 in compensation to customers as the result of a 2019 data breach,
            which led to the personal account details of about 13,000 customers being uploaded to the dark web.

            The costs included the reissuance of government identification documents, as well as subscriptions to
            independent, enhanced fraud detection services for the affected customers. But the bank also had to hire
            a team of cyber-intelligence experts to investigate the breach, the cost of which remains unknown.

            The IBM and Ponemon report confirms that the costs of a data breach won’t all be felt straight away.
            While the bulk of an average data breach’s cost (53 per cent) is incurred in the first year, another 31 per
            cent is incurred in the second year, and the final 16 per cent is incurred more than two years after the
            event.

            And with the recent rise of double extortion – in which cyber criminals not only take control of a system
            and demand payment for its return, but also threaten to leak the data they’ve stolen unless they receive
            a separate payment – we’re likely to see data breaches exact a heavy toll for even longer time periods
            moving forward.



            How can you protect your data?

            Data breaches are becoming costlier and more common, so it’s more important than ever to ensure your
            data is protected.

            Many businesses are turning to cyber insurance to protect themselves. Cyber insurance typically covers
            costs related to the loss of data, as well as fines and penalties imposed by regulators, public relations
            costs, and compensation to third parties for failure to protect their data.

            But as breaches become a virtual inevitability and claims for catastrophic cyberattacks become more
            common, insurers are getting cold feet. Premiums are skyrocketing, and insurers are limiting their
            coverage, with some capping their coverage at about half of what they used to offer and others refusing
            to offer cyber insurance policies altogether.

            Regardless, cyber insurance is not a cyber security policy. Even the most favourable cyber insurance
            policy doesn’t prevent breaches, but merely attempts to mitigate the impact after the horse has already
            bolted.







