Why doesn’t cybersecurity get the attention it deserves? On average, 350 million Americans are impacted by data breaches every year, and still, many companies have not embraced a corporate culture that includes privacy and security in their core values. We’re all familiar with the vulnerabilities of weak data security, but how many businesses really experience a data breach every year? But the real question is what do those hackers want with your information?
According to the Theft Resource Center and CyberScout, the data risk management company reported the number of data breaches in the U.S. jumped 29 percent in the first half of the year, hitting a record high of 791. But what are hackers searching for?
Frequently stolen information includes:
Most hackers acquire the information they can sell or use. Stolen credit card numbers are at the bottom of the barrel these days because they are so easily accessible. Social security numbers are the main target - they are worth much more to identity thieves to commit miscellaneous crimes pretending to be someone else. Hackers can open new credit and bank accounts, commit tax fraud, access brokerage accounts, get medical treatment or even apply for various benefits.
No identity theft is easily handled, but unlike a credit card that can instantly be closed, a Social Security number has a timeless shelf life. Health records are even more worthwhile because they’re a data-rich market. In addition to enclosing Social Security numbers, they have the medical history, date of birth, insurance information and perhaps the credit card used to cover co-pays. Many medical organizations have placed their focus on patient care and less on patient privacy and cybersecurity. They may not realize the value you of the data they collect.
A data breach of any kind can hurt your business. The average cost of a data breach in the U.S. is $3.86 million in 2018-up 6.4% from the previous year (2017)- according to the 2018 Cost of Data Breach Report determined by IBM Security and Ponemon Institute.
On average, the cost of a compromised record is $225 but is significantly higher for exceptionally managed industries: healthcare ($380 per file) and financial services ($336 per file).
These figures include the direct costs of legal fees, notification, hiring additional staff and supplying identity monitoring services – including the loss of business that results from the breach. The impact to a company’s reputation trailing a breach generally results in customers going elsewhere.
It takes approximately six months (206 days) for an organization to identify an intrusion, and an excess 55 days to repress the breach, according to the IBM/Ponemon report. That’s a considerable improvement from a few years ago, but nonetheless, a slow transition, security experts say.
The longer a hacker goes undetected, the more damage they can do - which directly narrates with the volume of financial loss the company will battle. When a breach is spotted and contained in less than 30 days, the cost is nearly a million dollars lower, on average. Having a precise incident response plan in action can result in more than financial saving for your business.