Monday, November 14, 2011

The Cost of Cyber Risk

Recently, a colleague asked me to explain the cost of cyber security. I have frequently worked on projects and issues to identify and remediate information-technology-related risks, but the focus has usually been on the cost of prevention. All too often, these are the only costs discussed.

Let's start with the common misconception that cyber risks are the responsibility of the CIO only.  An effective cybersecurity program is integrated into the larger enterprise risk management program, strategic in its focus and executed across departmental lines.

Security breaches are a growing risk concern for CFOs and CIOs alike.  The most widely published are Epsilon and SONY.  You can see a brief list of others here.

The cost of a cybersecurity breach averages about $200 per record breached, when factoring in lost business, fines and litigation costs, lost shareholder value and damage to the company's reputation. About 65% of the cost of a data breach is due to lost business. According to the Congressional Research Service, American businesses have lost an estimated $46 billion due to cyber theft since 2004.

Another point to consider is that the majority of breaches are caused by people with access to the system, not by unauthorized hackers. Technology solutions have been the answer in recent years, but it is critical that businesses now understand the need to address the human element in effective security management.

Social engineering is the term for the deceptive practices used to gather information or gain system access. All employees need to understand what it is and how to protect their companies from these "con artists."
