Commonly known as cyber-attacks, data breaches, or cybercrimes, data theft (whether it is internally or externally driven) can bankrupt the average business. During the fallout of a data breach, businesses can lose proprietary data that form the core of their capital-generating strategies. The aftermath of this can result in massive lawsuits. As these incidents increase, businesses are asking how much a cyber incident could cost them.
The U.S. government collects information on cybercrime and cyber espionage through various means. Yet, it is still difficult to accurately assess the cost of cybercrime for the average business because of varying business landscapes and the diversity of cybercrime attack methods. In addition, businesses are often reluctant to report these incidents due to the potentially devastating fallout or further exposing vulnerabilities that subsequent cybercrime provocateurs could exploit.
Many reputable cybercrime surveys peg the average business’s annual losses at anywhere from $1 million to more than $3 million. This falls in line with PriceWaterhouseCoopers (PwC) 2014 Global Economic Crime Survey, which found that 7 percent of U.S. organizations lost $1 million or more due to cybercrime incidents in 2013. The survey went on to show that 19 percent of U.S. entities reported financial losses of $50,000 to $1 million, compared with 8 percent of worldwide respondents.
Cybersecurity leaders from PwC, CSO magazine, the CERT® Division of the Software Engineering Institute at Carnegie Mellon University, and the United States Secret Service worked together to evaluate survey responses from more than 500 executives of U.S. businesses, law enforcement services, and government agencies.
Among the many leading methods of data breaches affecting businesses, the survey found that mobile security is increasing with the spread of BYOD in businesses across all sectors. The survey found that only 36 percent of survey respondents employ mobile device management. In addition, a disappointing 31 percent have a mobile security strategy while only 38 percent encrypt devices.
The Ponemon Institute, widely considered to be a leading research center dedicated to privacy, data protection and information, reported the chief findings of its annual Cost of Cyber Crime Study for 2014 in its blog. The study found that the average cost of cybercrime to a company was $3.5 million, which is 15 percent more than what it cost in 2013.
While many businesses are investing in cyber security insurance to cover legal and communications costs following a breach, they are also increasing their level of security technology infrastructure beyond baseline controls like firewalls and antivirus software to combat the data breaches before they occur. Businesses are realizing the efficiency in cost and security of more robust, intelligent, intuitive, and highly adaptable Internet security management systems and software.
As always, proper data protection begins with properly identifying and assessing what data needs to be protected, who may have access to what data, and what restrictions are necessary for each user. With every business dependent on being part of an online connected world, thwarting cybercrime requires, at the very least, thorough assessment and a highly developed security plan.