The most fatal hazards in any environment are those that are unseen or unprepared for. As we are ever increasing our dependency on technology we have to understand and, have a pulse on, the risks that we are taking as we enter into these fields.
In their 2017 Cost of Data Breach Study, Ponemon Institute discusses these hazards and gives us some very insightful statistics as to what the risks are that we face as an industry.
Globally the average cost per record is $141. In the US we face an average cost per Record of $225. A record is basically information that is tied to a person such as a birthdate, social security number, etc.
The Financial Sector was even higher at an average cost per record of $245. Second only to the Healthcare Sector with an average cost of $380 per record. That means a company with a mere 1,000 records is looking at a data breach recovery cost of $380,000! We can also safely assume that because they only show the global statistics per industry, that in the United States, the average could be higher for the Financial Sector.
To continue laying out the potential problem Financial Institutions face, the study has a section that show the “Abnormal Churn Rate”. This basically measures the abnormal turnover of customers after a breach. The Financial Sector had the highest amount of churn relative to the other industries in the study at 5.7%.
Malicious or Criminal Attacks were the most frequent cause of a breach but it only comprised 47% of the total records that were disclosed. System Glitches came in at 28% and human error came in at 25%.
There is a lot more information in the study that is useful in terms of understanding the nature and cause of data breaches. This is the world in which we live now, and in order to protect our businesses, we have to take an active position in understanding the environment in which we operate.
One key part of the study that I found particularly helpful was under the “Factors that influence the cost of data breach”. In this section they give us some critical information in helping us to protect our institutions.
For example, having an Incident Response Team had the potential to reduce the cost of a breach by $19.3 per record. Extensive use of Encryption, Employee Training, and most significant Insurance Protection, are just a few examples of things that help to reduce the cost of a data breach.
On the other hand Extensive cloud migration, third party involvement and compliance failures have the potential to dramatically increase the cost per record in the event of a breach.
Having someone in the institution, whether an inside Risk Manager or outside consultant, to gain this understanding to provide insights and direction to senior management and at the board level is becoming increasingly important.
Understanding and being prepared for extensive use of technology is critical to being successful in today’s environment. It is when we do not understand and we do not prepare that these hazards can become fatal.