The digitalized business world requires businesses to adopt extraordinary security measures to safeguard their digital data from cyber attacks. Though digitalization has brought transformational changes in business operations worldwide, the increasing threats of cyber security breaches over time could not be undermined.

Popular data breach incidents

  • In Aug 2021, The LockBit ransomware team stole six terabytes of data from Accenture’s network.
  • In Oct 2021, Acer’s servers were breached by a group of hackers called Desorden, who managed to steal over 60 gigabytes worth of data containing customers’ sensitive information.
  • In June 2021, data of 700 million LinkedIn users was posted on the dark web for sale by a group of hackers.

Some important data breach findings for 2021

  • Phishing remains one of the top Action varieties in breaches in 2020, (Covid 19 being a major contributor). It was found to be the reason behind 36% of the identified breach incidents as pointed out in the 2021 Data Breach Investigations Report by Verizon.
  • The incidents of Ransomware attacks have considerably increased in the year. Around 10% of attacks have been due to Ransomware, which was another top finding of the said report.
  • 96 per cent of the data breaches were motivated by financial reasons and 3% were cyber espionage as pointed out by the report.

Cost factors of data breach

As per IBM’s cost of a data breach report 2021, the global average cost of a data breach is $3.86m.

The average cost of data breach for small businesses (with less than 500 employees) is around $2.98 m, which is a 26.8% increase over last year’s estimate. The average cost for medium-sized businesses having around 10000-25000 employees, the average cost was found to be on the higher side of around $5.52m.

The report also states that the average cost of a data breach in the healthcare industry is around $7.13m, which is 10% more than their study in the 2019 report.

What are the different types of costs associated with data breaches?

The average total cost of a data breach can be divided into four categories-

   1.  Lost business cost – 38%

Lost business costs result due to the loss of trust of consumers in the business due to data breach incidents. This highly affects the reputation of the business in the market. Consumers begin switching to rivals and additional cost is incurred in procuring new customers.

This also results due to the disruptions brought into the business due to system downtime. Everything ultimately affects sales and revenue thus resulting in losses for the business.

   2.  Detection – 29%

The cost of detection refers to the cost incurred in detecting the incident and the magnitude of the damages. Businesses are required to hire investigating services for the assessment of the situation. It also involves communication with executives and the management of the company.

A data breach cannot be identified overnight. The cost incurred is directly related to the time involved.

As per IBM’s cost of a data breach report 2021, the average time to identify a breach was found to be 207 days.

   3.  Post-breach response – 27%

This cost involves the costs associated with the responsibilities and actions that need to be undertaken by the businesses once the breach is detected. It is the responsibility of every business to establish help desks to assist the victims of such incidents.

Businesses are also liable to pay regulatory fines and penalties as applicable under the applicable laws and regulations. A huge amount is spent on hiring legal services to resolve such legal in the most amicable way.

   4.  Notification – 6%

It is a mandatory requirement for businesses to notify data subjects about the said incident. Legal regulators of the concerned jurisdiction in which the business operates also need to be informed within a stipulated time. Appropriate regulatory compliances also need to be complied with, which often require experts’ intervention.

Five ways in which MSSP can reduce the cost of a data breach/ cost of an incident

   1.  Get the security experts available 24*7 with no cost

A report discovered that 70% of organizations responded that they were addressing a cyber skills shortage and 93% of companies reported that the cyber skills shortage is either getting worse or staying the same

When you onboard an MSSP, it helps you to fill the skill gap as MSSP onboard the expert in cyber security at less cost than what the in-house team costs. MSSPs are experts in handling several cyber security responses with their larger exposure to the cyber security world.

Security experts will be available for assistance 24*7 with no cost. Further, no additional breach-related costs need to be incurred in case such unfortunate incidents arise.

   2.  Get the high end and Right Third-Party Security Solution without cost

MSP service providers can look over all IT-related matters. They maintain top required solutions as per industry standards and ratings for end-to-end processes including monitoring and detection. MSSP makes it easy with no extra cost to switch from one solution to another to cater to the changing security needs of the organization. Bringing in operational changes in businesses can enable cost savings and reduce downtime.

   3.  Save maintenance cost of running a 24*7 monitoring environment

MSSP provider takes care of the cyber security of your organization with 24*7 monitoring. It takes care of keeping the pool of experts and IT solutions running without any downtime. Since cyber-attacks can happen at any time, such a monitoring system will help in identifying such an incident sooner. The sooner an attack is identified, the lesser the damages.

   4.  Save cost on research and training the employees with vast changing technology

To cater to the business needs and keep the security fence of the organization one step ahead to combat with ever-changing cyber-attacks, it is important to keep staff updated with new technology and that requires continuous research and training for the staff. And MSSP does that for you with no extra cost.

   5.  Improved security posture with experts that helps to reduce the attack surface and attack possibilities without extra cost and efforts

MSSP service providers are always up-to-date on the latest threats and concerns. They play an important role to improve the security posture of the organization by providing the right guidance through security experts to protect the organization against advanced security threats and reduce the attack surface.

Author:

Sayali Dange – Security Consultant, Positka

Sayali works as a security Consultant for over 10 years, specializing in SIEM, Endpoint Management and Threat Modelling, with a general interest in the intersection of information security governance and user behavior.