The latest Equifax breach settlement figure is staggering. We aren’t accustomed to such large sums, but this is a new reality of costly data breaches is likely to become the norm. Both the public and private sectors have benefited enormously from the Internet technologies, and now the bills have begun to arrive, in the form of costly and damaging data breaches. If you think the $700M settlement Equifax will pay to affected customers is expensive, the real cost of the breach is much higher.
Equifax Breach: Calculating the Real Cost
To understand the entire cost of the Equifax breach or any serious data breach, we need to take into account the full cost of remediation. This includes an in-depth investigation by highly skilled security analysts to understand the scope of the breach, identify every compromised component of the network, and recover whatever is possible if anything. Then they begin performing repairs and updates. When a major breach is detected, most companies bring in an external consulting company that has expertise in performing cyber forensic investigations because they don’t have the highly specialized expertise on the payroll. If the mainstream media picks up the story add on extra public relations costs, damage to brand, and possible loss of customers/revenue. Lastly, remember that the in addition to the estimated $700M Equifax has been ordered to pay out to customers whose data was compromised, they also paid a hefty amount in legal fees to reach that settlement and administering the payout will also come with a price.
Only Equifax knows their ‘Real Cost of Breach’, but we know the number is much, much higher that the court ordered settlement. In fact, the cost of a breach is high even if it doesn’t culminate in any legal action or media fiasco. According to the latest Ponemon Institute Cost of Data Breach Report, in 2019 the average cost of a malware attack for a large global company is $3.92M. The cost for US companies, especially those in industries like healthcare, is much higher. This year’s report includes an interactive Cost of Breach calculator any CISO can use to quickly get a rough estimate of the risk level and expected cost of a breach, according to key parameters.
Factors Influencing Risk and Cost of Breach
Source: https://databreachcalculator.mybluemix.net/
“Death, Taxes, and Data Breach”
The old adage about nothing being certain except “death and taxes” is one of my favorites because it puts wishful thinking and unbridled optimism firmly in their place, but I think it’s time we update the adage to include ‘data breach’. Data breaches are an unavoidable cost of doing business. Of course, organizations will continue to try to prevent them by securing the perimeter with all the latest firewalls, VPNs and anti-virus software, but eventually, a hacker will find a vulnerability and slip through.
‘Cost of Breach’ Is the New Line Item
Since data breaches are no longer a question of ‘if’, but rather ‘when’ and ‘how bad’, they need to be taken into consideration proactively as an integral part of strategic planning and budgeting. When executives plan budgets and look for ways to reduce risks, they need to be very realistic about estimating the probability and costs of a data breach to inform the size of their information security budget. Wishful thinking has no place in cybersecurity. The cost of data breach must be a part of your business plan.
Download The Business Case for SOAR