It’s no longer just money that makes the world go round, it is the data which drives and digitises our industry. Whilst it provides businesses with that all-important competitive advantage, it also undeniably paves the way for the biggest threat in a generation – cyber-crime. It is estimated that, in 2022, 6 of the world’s 8 billion inhabitants are connected to the internet. According to leading global researchers, Cybersecurity Ventures, we will reach 7.5 billion internet users by 2030. CISCO’s internet report 2018-2023 concurs, the tech giant reporting that by 2023, there will be three times the number of networked devices on earth than humans; nearly 30 billion. 45% of these devices will be mobile. Users create data. In fact, forecasts predict that the world will store 200 zettabytes of data by 2025. + One of the biggest challenges the business world has ever faced is how to prevent data governance issues and remain compliant with legislation. Since the start of the pandemic, cyber-attacks have soared in both frequency and sophistication, along with their devastating impact on the organisations that fall victim. There has been an explosion of social engineering and ransomware attacks. The latter takes 49 days longer to contain. ^
83% of organisations surveyed have had more than one data breach.
IBM. The cost of a data breach report.
How much does it cost?
Damage cost estimation is based on the year-on-year growth of the cyber-crime figures. In 2021, data breach costs rose to their highest in 17 years, an average of US$4.24 million. (This was $3.86m the previous year). * A mega breach, an event where a minimum of 50 million records are stolen, costs 100 times more than the above figure. In 2021, the average cost of a breach of between 50 – 60 million records is US $387 million. ^ This is not to say that only global corporations are targeted by cybercriminals, far from it. According to Symantec’s 2022 Internet Security Threat Report, 61% of all cyber-attacks were aimed at small businesses. After all, 70% are unprepared with no IT security resources. *** With total global damages of an estimated US$6 trillion in 2021++, if it were a country, cyber-crime would be the world’s third-largest economy, behind the United States and China. + In the U.S alone, the FBI reported that cybercriminals stole US$6.9 billion in 2021**. As the population, the number of devices and the data generated increases this will continue to soar. Cybersecurity Ventures predict that global cyber-crime costs will grow by 15% every year, rising to US$10.5 trillion annually by 2025. +
How is the cost of a data breach calculated?
In the UK and the EU, most CISOs or DPOs are fully aware of the fines imposed if an organisation falls foul of data protection laws that are in place to protect company data and the rights of individuals. Under EU and UK GDPR legislation, the maximum fine is £17.5 million (€20 million) or 4% of the annual global turnover, whichever is higher. However, the financial implications far exceed any legal fine – the theft of intellectual property or money itself, business continuity, the cost of system restoration, lost productivity and brand equity to name a few. Lost business alone can contribute to 38% of the total data breach costs+++. A damaged reputation and customer turnover alone can have a serious effect – some businesses take years to recover, whilst others, will simply not be able to bounce back. IBM reports that when it comes to mega breaches, there is an extensive impact on consumers; 60% of these substantial events result in increased prices, and the corporation has little choice but to pass it on to customers to survive. Many might expect share prices to plummet after any breach or mega breach, but Comparitech recently reported that the consequences continue for several years, although share prices reach their lowest around 110 market days, post-breach, on average, a company’s share price falls by 7.27%. In one of the most high-profile cases, Facebook’s market value fell by US$119billion (£90.8bn) following the Cambridge Analytica breach of 87 million profiles in 2018. ^^ Shares nosedived the following day as 3 million European users left immediately.
How to avoid a data security breach.
Zero-trust.
According to the 2022 IBM study, the average cost of a breach has risen by US$1.07 million due to the sudden rise in remote working; people’s guards are known to fall away from the office. A larger attack surface of insecure home internet connections and devices appeared almost overnight for the criminals. Businesses turned to multiple cloud environments, IaaS, and employees’ own devices (BYOD) in order to adapt at pace. The traditional security infrastructures became outdated and ineffective, the network was no longer protected by the firewall and the office’s physical perimeter. If attacked remotely, organisations take longer to discover and contain the breach lifecycle, increasing costs. The average breach takes 277 days to regain control. ^ Consequently, the average cost is nearly US$1 million greater, compared to situations where remote or hybrid working wasn’t a factor^. A zero-trust approach reduces the average cost of a breach by US$1.76 million^. By never trusting any device, user, workflow or system, the likelihood of an internal breach is dramatically reduced. The ‘always verify first’ approach is ideal for CISOs and CIOs managing complex environments. Not only will it help protect company data and resources by limiting access, it helps security teams detect potential incidents and respond accordingly. Should a breach occur, by operating a mature zero-trust architecture, the average cost savings total US$1.51 million, when compared to those who have just adopted the approach. Supporting automation tools and increasingly security AI that monitors endpoints are helping corporations detect and contain data breaches far faster. An incident’s lifecycle is one of the largest factors determining the cost, therefore this can reduce the total by as much as 80%. +++ The longer it remains undetected, the more corporate data can be extracted.
Encryption.
Extensive use of encryption has had the largest bearing, reducing the financial impact of a data breach by US$3.62m, on average. By reducing the volume of vulnerable data, encryption protects information whether stored on an IoT device or in a cloud environment, helping organisations secure the sensitive records that they digitalise. By scrambling text, security is enhanced between client and servers, your data is only valuable when it can be read.
IT asset disposal.
We are more connected than we have ever been. Statista reports that global Internet of Things devices will reach 75 billion by 2025; a three-fold increase from 2019. Everything from our toothbrush to our tv is connected. They all contain data; highlighting the importance of data destruction and secure IT asset disposal. Whilst an employee’s toothbrush may not seem a threat to your organisation’s data security, the IoT is inherently vulnerable with poor security. These devices provide easy access for the threat actors who use them as a portal to gain access and travel through your network. When it comes to our company’s redundant IT assets, many instinctively hold on to old tablets, hard drives and laptops, whilst old smartphones gather dust in office drawers across the UK. Whether it’s mobile device recycling, asset recovery or data centre decommissioning, it is essential to have a robust IT asset disposal policy. A reliable ITAD supplier will ensure you don’t run into future data security issues. Complete data erasure of end-of-life IT assets will ensure your legal data protection compliance with a proven ITAD chain of custody – each piece of redundant IT equipment receiving its own IT asset disposal accreditation certificate. Environmentally friendly ITAD is obviously a good thing to do, helping to reduce e-waste and contributing to the circular model, but it also provides a residual return for the value of the components erased and extracted to be used again.
Our highly digitalised society demands increased c-suite awareness and prioritised budgets for effective cybersecurity throughout the entire lifecycle; from purchase through to secure ITAD of all assets. Zero-trust, encryption and automation not only reduce the total cost of an attack but dramatically reduce the likelihood of either an internal or external breach event. One of the biggest challenges in data governance, the digital revolution continues at a rapid speed. Our businesses will become defined by the safekeeping of their sensitive data and level of cyber resilience – increasingly important to both customers and associates alike. *CyberTalk +Cybersecurity Ventures, ^IBM, **The Digital Guardian, ++TechXplore, ^^The Guardian, *** Renolon, +++Upguard,
tier1 Group provides comprehensive data erasure services, lifecycle management and free IT asset disposal, helping you to remain fully compliant with data protection legislation. We specialise in big data ITAD including on-site data centre decommissioning and also provide a secure office relocation service – ask us about our out-of-hours service. Find out how our data wiping services can support your organisation – contact us on 0161 777 1000 (Manchester), 01621 484380 (Maldon) or visit www.tier1.com/contactus
Resources. Statista, IBM, Info Security Magazine, Comparitech, Cybint Solutions, Upguard, Cyber talk, Cybersecurity Ventures, CISCO, TechXplore, Digital Guardian, IT Governance, The Guardian, Renolon,