This time of year is an important one for data security research. Verizon publishes its review of the past year's data breaches, and the Ponemon Institute, a tech research organization, publishes its report on the cost of data breaches. We profiled the Verizon research yesterday in "These 9 Mistakes Cause 94% of Data Breaches." Now let’s turn our attention to the Ponemon Institute's analysis of the cost and likelihood of data breaches.
Data Breaches Just Got More Expensive
The Ponemon Institute's 2014 Cost of Data Breach Study reveals that data breaches are 15 percent more expensive than they were at the time of last year’s study. The average total cost of a data breach increased to a hefty $3.5 million. Ouch.
Of course, many data breaches are smaller than that. So how do you estimate the cost of a data breach based on a “smaller than average” amount of compromised information? There are many online tools that estimate the cost of lost productivity, fees, and other expenses. But the easiest way is to use the Ponemon Institute's number: $195 per record.
Just take that number and multiply it by the number of lost records. For instance, if a client's laptop is stolen, and it contains 1,000 customer records, the client can expect, on average, to pay $195,000 in data breach expenses. These costs can include lawsuits, lost revenue, PR consultations, and credit monitoring for customers.
How to Predict Your Odds of a Data Breach
What are the odds that a data breach will affect you or your clients? To help you put data threats in context, let's look at some of the research about data breaches.
According to the Ponemon Institute, U.S. companies have an 18.7 percent chance of having a data breach involving at least 10,000 records.
The following factors increase the cost of a data breach and generally make the cleanup process messier:
- Lost or stolen devices.
- Having third parties (i.e., vendors) involved in the breach.
Of course, clients can't avoid hiring vendors to provide IT services, and no device is theft-proof. But there are ways to reduce these risks.
As an IT consultant, you need to pay special attention to these areas of data security. Know that when a client is using a vendor who has access to their network, this is a potential weak point in their data security. In addition, remind clients about ways to prevent device theft.
(For more information about what makes outside vendors so risky, see "Help Your Clients Understand the Risks from Third-Party Contractors.")
2014 Cyber Risks: Which Cyber Attacks Are on the Rise?
After surveying IT professionals, the Ponemon Institute identified the two security threats that nearly half of security experts expect to increase in the coming year. They are:
- Malicious code (i.e., malware and crimeware).
- Sustained probes (i.e., scanners).
IBM estimates that 63 percent of all cyber attacks are caused by these two threats. Scanners, in particular web-app scanners, have become an efficient way for cyber criminals to break into networks. Sustained probes test a system (whether it's a web app or source code), looking for any vulnerabilities in that code. Once a vulnerability is identified, cyber criminals have found a way in and are able to access private data or gain control over the system.
To combat scanners and malware, always update client software immediately. In addition, be wary of amateur web apps. For instance, it's estimated that 70 percent of WordPress sites have basic security flaws.
How to Protect Your IT Consulting Business in a World of Growing Cyber Liability
To protect your business, you might need a two-pronged approach that includes:
E&O Insurance covers your legal expenses when clients sue you over data breaches and professional mistakes. If your clients have Cyber Liability Insurance, their insurance can cover fixing the data breach, protecting their customers after a breach, and some other related expenses – which means they might be less tempted to sue you for those expenses.