[BreachExchange] The Cost Of Data Breaches Will Get Even Higher

Audrey McNeil audrey at riskbasedsecurity.com
Mon Oct 24 18:38:56 EDT 2016


http://www.huffingtonpost.co.uk/alastair-paterson/the-cost-of-data-breaches_b_12573436.html

We all know cyberattacks are a fact of business life these days and it is
no longer a question of if you get attacked, but instead when you will be
compromised.

When the ‘inevitable happened’, it used to be that a company was hit
financially as a by-product of being hacked by cybercriminals due to
factors like the impact on their reputation, customer loyalty and even
share price.

High profile hacks of businesses like Target in the US resulted in
large-scale customer desertion (although short-term), a reduction in share
price and even executives losing their jobs.

Attacks are not going away - on the contrary they are getting more common.
According to a UK government 2015 information security breaches survey, 90%
of large organisations and 74% of SMEs reported a security breach, leading
to an estimated total of £1.4bn in regulatory fines that have a current
maximum of £500,000.

But from 2018 the cost of a data breach or hack could go far higher with
new EU legislation on data breach notification set to be implemented.

These changes mean UK businesses could face up to £122bn in penalties for
data breaches.

In 2018, the European Union’s General Data Protection Regulation (GDPR)
will introduce fines for groups of companies of up to €20m or 4% of annual
worldwide turnover, whichever is greater.

Of course we don’t know what changes there might be based on Brexit, but
even so it is likely the UK will adopt a similar fine doctrine.

Clearly companies, both large and small, need to act now and start putting
in place robust standards and procedures to counter the cyber security
threat, or face the prospect of paying drastically increased costs in
regulatory fines, as well as the reputational harm to their brand.

To be ready for this and to counter the growing industrialization of
hacking, businesses must gain an awareness of their digital footprint and
the profile of their attackers. By doing this they can prioritize their
security to where it has the most impact and therefore prevent, detect and
help contain cyber-related incidents.

Only by analyzing their company through an ‘attacker’s eye view’ can they
be alert to potential threats, instances of sensitive data loss or
compromised brand integrity and be able to stop them quickly with less
impact on their brand, and then regulatory regime.