It seems every day we’re hearing about another security breach at a Fortune 500 company or government entity. Just in the last few years, high-profile breaches have impacted Target, Home Depot, Barnes & Noble, Anthem, Sony, the Department of Homeland Security, and the list goes on from there.
In 2014, breaches of these institutions were mostly associated with the loss, exposure, or theft of personally identifiable information and intellectual property. The result? Cybercrime and compliance costs are climbing for companies both in the U.S. and overseas.
A recent study by the Ponemon Institute, which conducts independent research on privacy, data protection, and information security policy, reports some startling figures:
- Average annual cost of cybercrime per large U.S. company: $15.4 million, an increase of 19 percent from $12.7 million one year ago; this number represents a startling 82 percent leap from Ponemon’s inaugural study six years ago
- For U.S. companies of all sizes, cybercrime costs range widely from $1.9 million to $65 million
- Average cost of a cyberattack on a U.S. company rose 22 percent to $1.9 million from $1.5 million
- Globally, the average annualized cost of cybercrime increased 1.9 percent from last year to $7.7 million.
While users, corporations, and security firms are improving their overall security awareness and their cyberattack detection and prevention techniques, the hackers are evolving as well. For example, a recent cyberattack on British broadband supplier TalkTalk led to the theft of personal data from more than 4 million customers. The difference between this attack and others you may have heard about in the past is that the hackers gained access to the data by exploiting a development flaw (SQL injection) in the company’s customer website, not a weak password or system vulnerability, which were seen more frequently in the past.
With the increasing number and cost of data breaches like these, IT security is no longer seen by business leaders as just a technology issue; it is now a business risk. Given budget limitations, there are strategic steps every business can take to mitigate security breach risks to their organization and their organization’s customers. IT security awareness, planning, and testing, as well as compliance audits of vendors, are good places to start.
Skoda Minotti’s Vulnerability Assessment and Penetration Testing Services evaluate your network and web applications to test whether vulnerabilities exist in your environment and what to do to mitigate them. Our streamlined processes and certified ethical hackers leverage testing routines designed to detect vulnerabilities that were previously unknown to the entity, with sufficient detail to allow for proper and timely remediation.