Three recent cybersecurity surveys have identified the main security-related concerns for businesses (data loss and leakage), the repercussions (the rising cost of data breaches) and what can be done to address the problems (enhanced employee training).
Given the increasing importance of effective cybersecurity, businesses are keen to identify best practices and learn lessons from the experiences of others. The three new studies have lifted the lid on what issues keep business owners and directors awake at night and what can be done to alleviate their concerns.
The new ‘2019 Cloud Security Report’ from Cybersecurity Insiders is in no doubt that data loss and leakage are the number one cloud security concerns, reported by 64% of respondents to the study. This was closely followed by data privacy/confidentiality, as reported by 62% of respondents, with other concerns all polling significantly lower scores.
These views are endorsed by a new IBM study, which reveals that data breaches are on the rise and, worryingly, the costs associated with these breaches are also ramping up significantly.
The cost of a data breach has in fact risen by 12% over the past five years and now stands at £3.24 million on average, according to IBM. These rising expenses are made up of the multi-year financial impact of breaches, increased regulation and the complex process of resolving criminal attacks. As part of this figure, it’s interesting to note that data breaches are estimated to cost businesses around £125 for each lost or stolen record.
Revealingly, organisations that experience data breaches, no matter their size, will feel the financial impact of the breach for years (and of course there’s also the reputational damage to take into account). The IBM report found that while an average of 67% of data breach costs were accounted for within the first year following a breach, 22% were accrued in the second year and another 11% accumulated more than two years after a breach occurred. These ongoing costs are particularly prevalent for organisations in highly regulated environments, such as healthcare, financial services, energy and pharmaceuticals.
Malicious cyber-attacks were not only the most common root cause of a data breach, they were also the most expensive. Inadvertent breaches from human error and system glitches still caused 49% of the breaches, according to the report.
What can be done to address this growing tide of data losses? There’s a growing consensus that effective education is imperative, as cybercriminals are shifting away from attacking infrastructure and are increasingly targeting individuals, making a people-centric approach to security absolutely essential.
Phishing is the tool of choice for cybercriminals as they attempt to trick employees into divulging confidential details such as passwords and user account information. Weak employee training is also the main reason that organisations are vulnerable to phishing attacks according to Proofpoint’s recent ‘2019 Beyond the Phish’ report.
Educating employees about cybersecurity best practices is the best way to empower users to understand how to protect their own and their employer’s data, making end users a strong last line of defence against cyber attackers. This point was reinforced by Amy Baker, vice president of Security Awareness Training Strategy and Development for Proofpoint, who said: “Implementing ongoing and effective security awareness training is a necessary foundational pillar when building a strong culture of security.”