Data violation is a serious problem that every business, regardless of size, must deal with sooner or later. The theft of confidential information can have a significant impact on company costs, particularly in the case of smaller businesses.
Furthermore, the damage can also affect a company’s image and therefore its brand reputation. Considering that all this could undermine the trust of business partners and clients, it is essential to adopt effective precautionary measures.
A brief overview of data violation in 2020
A report based on a sample of 524 companies, including 21 Italian firms, who had fallen victim to data violation between August 2019 and April 2020, revealed a slight drop in the average total cost of resolving data theft related issues. In 2019, the average company expenditure on this was 3.92 million dollars, while it is currently around 3.86 million.
However, the decrease does not mean that the phenomenon of cyber-attacks is in decline, as due to the onset of the Covid-19 pandemic and the growing trend of smart working, IT system vulnerability has increased along with the number of cyber-crimes.
This figure only shows that it is small firms, who are usually less attentive to IT security, that are facing higher costs due to data violation. Large companies, which normally possess more advanced technologies and efficient security automation, are able to limit potential financial losses.
The main causes of data violation and the relative costs
The results of the survey highlight some of the most common weak points exploited by cyber-criminals in order to commit data violation. At the top of the list is theft/compromise of credentials and the incorrect configuration of cloud servers, which together account for 38% of total cases.
Employees’ carelessness regarding managing and protecting their company network access credentials costs companies an average of one million dollars more compared to the global data violation average (approximately 4.77 million). As for the impact of server configuration errors however, the estimated cost is around half a million dollars.
There are also attacks known as ‘Nation-State’, targeted at government agencies, state organisations, critical infrastructures and large companies in possession of highly sensitive data regarding the general population. In financial terms, damage to these organisations is considerable, as the criminals usually target highly valuable data.
As a result, this can lead to those targeted making a deal with their attackers, in order to prevent the organisation’s image being damaged or to avoid potentially dangerous social and political consequences. Recovery costs, according to the report, are around 4.43 million dollars.
Useful advice to protect your business
As discussed above, cyber-attacks have a real impact on company costs. For this reason, it is important to take put sufficient measures in place and make targeted investments. More specifically, it is strongly recommended that:
- Problem identification and resolution times are optimised by adopting a SOAR approach (security orchestration, automation and response);
- A ‘zero trust security model is implemented, so as to prevent any unauthorised access to the most important data;
- Cyber-resilience is increased via stress tests on company intervention and security policies;
- Investment is made in governance, risk management and conformance programs;
- Efforts are made to simplify security and IT environments;
- Sufficient policies and technologies are introduced for the protection of cloud environments;
- Web security agencies are used if experts in cyber security are not available in-house.
By following the above guidelines, it is possible to limit data violation and therefore also the financial losses deriving from it.
Translated by Joanne Beckwith