As data breaches become increasingly common, it’s no longer a matter of ‘if’ an organisation is going to be attacked but ‘when’. Even in the midst of a global pandemic, cybercriminals have exploited the current situation to launch a range of sophisticated cyberattacks targeting a diverse range of industries.
There appears to be no let-up in the continual stream of data breaches, and if anything, they are increasing in frequency and severity. According to a recent Risk Based Security Report, the first six months of 2020 have already seen a staggering 8.4 billion records exposed.
The consequences of a data breach have become all too real, and many organisations are now acutely aware of the damage that could result from a costly breach. The fines imposed on British Airways and Marriott highlight just how seriously the ICO intends to take GDPR violations going forward.
How are breached organisations affected?
A data breach can cause irreparable damage and the effects can be long-lasting. In addition to the large fines that can be imposed as a result of non-compliance, organisations may face further costs from operational downtime, implementing new security measures and compensating affected customers.
A breach may also significantly impact consumer trust and damage brand reputation. The unfortunate reality is that many consumers will simply lose confidence in a business if they believe their data is not being properly protected.
All these factors can significantly affect a company’s valuation. A prime example of this was the 2013 Yahoo data breach. Over 3 billion user accounts were compromised, exposing sensitive customer information including email addresses, passwords, telephone numbers and birth dates.
The breach came to light in 2016 when the company was about to be bought by US telecoms company Verizon. The acquisition went ahead, with Verizon buying Yahoo at a discounted price of $4.48 billion, around $350 million less than the original asking price.
A report by professional body (ISC)² also highlighted the impact that a data breach can have on a company’s valuation. The research revealed that companies can significantly drive down their value by mismanaging data breaches.
250 US-based mergers and acquisitions experts were surveyed in the report, with 49% of those experts witnessing a merger or acquisition agreement fall through as a result of a data breach. In addition, 86% of respondents said that if a company publicly reported a breach in its past, it would detract from the allocated acquisition price.
However, 77% said that they had previously recommended one company to be acquired over another because of the strength of its Cyber Security program. 96% had also noted that Cyber Security readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target.
The study shows that while most companies would prefer not to experience a data breach, if they have taken steps to handle it well, adjusted policies and processes, and improved their overall security posture, they will be looked at more favourably by financiers and business leaders.
A robust Cyber Security awareness program is key in mitigating risk and preparing for the inevitable. If organisations invest in Cyber Security and can demonstrate that they have taken all the necessary steps to protect their data, they are unlikely to face the full wrath of the regulators, and their company valuation may not be as adversely impacted as that of companies that have chosen to do nothing.
Best Practices to Avoid a Data Breach
- Staff Training – Instilling good Cyber Security habits in your staff is the best way to defend your organisation from attack. 60% of the 4856 personal data breaches reported to the ICO in the first half of 2019 were the result of human error. Organisations tend to focus on external threats, but it’s often their own employees that pose the biggest security risk. A comprehensive security awareness campaign that utilises a range of tools and techniques is the best way to engage staff and educate them on the evolving threat landscape.
- Update Security Software – Security software should be regularly updated to prevent hackers from gaining access to networks through vulnerabilities in older and outdated systems. This is exactly how hackers were able to access the data of over 143 million Americans in the infamous Equifax Data Breach in 2017. A fix for this vulnerability was made available two months before the breach, but the company failed to update its software.
- Regular Audits and Risk Assessments – The GDPR specifies that organisations must conduct regular audits of data processing activities and comply with a set of data protection principles that will help safeguard data. This will ensure that a suitable framework is in place that will keep personally identifiable information of customers secure and mitigate any risks. The implementation of an effective policy management system will enable organisations to demonstrate compliance with legislative requirements and effectively target the areas that present the highest risk to data security.
- Password Safety – One of the easiest ways for hackers to gain access to sensitive company systems is to guess passwords. For extra security, users should create a passphrase, which is a password composed of a sentence or combination of words. The first letter of each word will form the basis of the password, and letters can be substituted with numbers and symbols to add a further line of defence. Two-factor authentication (2FA) will also provide an additional layer of security to accounts. In addition to a password, 2FA requires a second piece of information to confirm the user’s identity. This could be a security question, fingerprint or a one-off code.
To help improve Cyber Security awareness within your organisation and reduce the chance of a costly data breach, we’ve created a free guide that provides 10 practical tips on how to improve staff Cyber Security awareness.
In this guide, you will learn:
- How to develop a robust Cyber Security awareness plan that decreases the risk of a data breach.
- What is required for a Cyber Security awareness program to be effective.
- Practical tips to improve staff Cyber Security awareness.