Seven Data Breach Lessons from research studies: What does a data breach cost?
20/12/2016 | Written by: Laura Begieneman
Two questions keep coming back when I meet customers and partners in GDPR-related sessions. First, when it comes to preparing for GDPR: where to start? Second, what is the true financial impact of a data breach?
On the first topic I recently started a blog series in which we break GDPR down into nine digestible use cases. The first and second blogs can be found here; the third will be published next week.
On the question of financial impact, IBM Security just published a very insightful study called 2016 Cost of Data Breach report. Our goal in this annual research is to help understand the costs associated with data breach incidents.
This study covers 383 companies across 16 industries in 12 different countries. While, unfortunately, the Benelux countries are still outside the scope, there is a lot to be learned from looking at other European countries, such as Germany, the UK and France.
This is not the first time we have published this study. Over many years of studying the data breach experiences of more than 2,000 organizations, we drew seven key conclusions:
- Data breaches are a consistent cost of doing business and need to be incorporated into data protection strategies.
- The biggest financial consequence is lost business. Following a breach, enterprises need to take steps to restore customers’ trust.
- Most data breaches are caused by malicious attacks. These breaches take the most time to detect and have the highest cost per record.
- The longer it takes to detect a data breach, the more costly it becomes to resolve.
- Highly regulated industries (e.g. healthcare, finance) have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
- Improvements in data governance initiatives will reduce the cost of data breach.
- Investments in data loss prevention controls such as encryption and endpoint security are key in preventing data breaches.
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.
Senior (Sales) Consultant Cyber Security & Data Privacy @IBM Security