New Survey Finds the Crippling Cost of a Data Breach: Priceless
The results are in, and word is out, from the US, UK, France, Germany, and a number of other European countries. 1,000 non-IT business managers were surveyed across these nations by NTT Com Security on the subject of cybersecurity, data protection, and organizational preparedness and cost. The most telling statistic reveals a trend that has been a long time building, which is that people now view experiencing a data breach as commonplace and inevitable as getting a bee sting at some point in your life. Two-thirds of the surveyed respondents answered thusly, believing their organization could be the next headline—and they could easily be right. Damage done to a company as a result of a breach was also addressed, both financial and reputational: respondents stated a breach could cost around $1 million, for starters, including remediation costs, legal fees, fines, and so on. When you then factor in lost customers and brand erosion, not to mention PR, the bill only gets bigger. Estimates in the survey postulate a 13% decrease in revenue following a data breach. Data is more vulnerable (and valuable) than ever before, yet the report is that only 13% of an organization’s IT budget goes to information security (which is up from 10% in 2014, at least).
The rest of the survey paints a similar picture, one of continued unreadiness and equal expectation to be hit by a breach costly both financially and employment-wise—an outlook that, in all, reflects the current reality for every company.
Not all, however, will display even nominal concern in this area. Look at VTech, for example. Late last year, the children’s toy company experienced a massive security breach that exposed the personal information of millions of users, including data on hundreds of thousands of kids. Learning Lodge, VTech’s online app store, was the main target compromised in this debacle, and had to be relaunched. Only, it seems like instead of taking measures to bolster their defenses for future attacks, the company has prioritized abandoning responsibility. Updates to the terms and conditions include such qualifiers as “at your own risk” and “full responsibility,” when it comes to using their services. In other words, “Not our problem.”
People are, of course, not too happy about this buck-passing indifference, and the negative precedent it might set for other companies seeking to easily evade penalties for allowing customer data to be compromised. Boycotts of VTech products have even been proposed, which could make a difference in this individual case. Still, although protecting personal information isn’t always cheap, businesses would do well to consider the cost if they don’t. At least NTT’s respondents are.
By: Jonathan Weicher, post on February 12, 2016
Originally published at: http://www.netlib.com