Data breaches have gained widespread attention as businesses of different sizes have become heavily reliant on a digital platform, including workforce mobility and cloud computing. With sensitive business information stored on cloud servers, on local machines and the company’s databases, breaching a company’s critical data has become prevalent with ease of access to restricted networks. Data breach didn’t begin when companies started storing their influential information online. In fact, data breaches existed much before that. Before storing the data online, data theft could be as simple as viewing someone’s file without permission.
As data breaches become increasingly common, it is not safe to assume your organization is cyber secure and unbreachable. Let us look back at this year. 2019 was the year of one of the biggest breaches. As per the Data Breach QuickView Report 2019, a total of 7.9 billion records were exposed in the first 9 months of 2019. The breaches were up by over 33% compared to Q3 2018, as per the report. Some of the common business sectors that were hit by data breaches include Financial sectors, Healthcare, Government, Education and Entertainment among others.
Can we ever outrun Cybersecurity flaw?
Data breach is not going away anytime soon. For the past few years, there have been several data breaches that have made it to the headlines, ranging from a government department, business, banks and organizations. The latest sector to be hit with cybersecurity concerns was Healthcare. On December 9, 2019, over 750,000 applications for US birth certificates were found online in an Amazon Web Services bucket with no online security. The bucket wasn’t password-protected, meaning anyone could easily access the birth certificates along with their personal information. The data breach was reported by Fidus Information- a UK-based penetration testing company.
Another such incident that was reported- Mixcloud- a UK-based audio streaming platform. The Mixcloud data breach exposed more than 20 million user accounts that were put on sale on the dark web. The breached data contained details such as usernames, email addresses, last login date, the country from where the user signed up, their IP addresses and passwords that were encrypted with a SHA256 algorithm making it near to impossible by today’s standards for the hackers to crack. The stolen data was being sold on the dark web for around $4000 or 0.5 bitcoin. Since Mixcloud falls under the UK and European data protection rules, it could face fines up to 4% of its annual turnover for violations of European General Data Protection Regulation (GDPR) rules.
How hard it hits your company: Data Breach Cost
A data breach can hit a company hard and when it is least expected. It can cause irreparable harm and the after-effect tremors can last for a long time. According to IBM Security’s Cost of Data Breach Report 2019, the cost of a data breach has skyrocketed by 12% over the course of five years. An average business can be hit by as much as 3.92 million dollars. IBM Security report also estimates both the ongoing and immediate expense of a data breach. As per the report, enterprises with less than 500 employees suffered huge losses of over 2.5 million dollars, whereas, for smaller businesses, the loss can be equivalent to a major chunk of their annual revenue.
The expense, IBM states, can be caused by various factors such as legal costs, third-part cyber forensic firms, ramping up the security system, government penalties and compensation payments to those affected. As per the IBM Security report, on average, 67% of the data reach expense is realized in the first 12 months, 22% in the second year and 11% can take over two years to become visible.
What after data breach hits your company?
As we said, the after-effect of a data breach can be felt for many years. The financial services, energy companies, pharmaceutical companies and healthcare organizations are most likely to face additional expenses over time. Also, the location can make a huge difference, the report states companies based in the US can expect a hefty bill to secure the breaches caused by stolen data. On average, a company may be required to cough up as much as 8.19 million dollars. Companies face a penalty of up to 150 dollars per stolen record. If the reports are to be true, a company can take up to 206 days to discover a data breach and an additional 73 days to secure the reach of the breached data.
The consequences of a data breach can be overwhelming. Equifax is one such company that is still feeling the burn of the data breach that occurred in 2017. The credit monitoring agency became a target of a data breach which resulted in the compromise of 146 million users. Earlier this year, Equifax had signed a settlement worth $700 million. As per the official settlement, the company was required to pay $300 million into a fund meant for affected consumers, an additional $125 million if the initial payment did not suffice the need of the impacted users. This does not end here, starting January 2020, Equifax will also have to provide every impacted consumer with six free credit reports each year for the next seven years. At last, the company was also ordered to pay $175 million to 48 states, Puerto Rico and the District of Columbia. In terms of civil penalties, Equifax was required to pay another $100 million.
Micheal Gregory is an experienced system administrator with a demonstrated history of working in the computer software industry. Skilled in server administration, computer networking, customer service, network security, and Microsoft office.
ExcelliMatrix can make your idea a reality! Have questions related to Data breaches? Follow us on Facebook, & LinkedIn or Contact us, 406-646-2102 and get your questions answered.
