A Reactive Stance to Security: Can you Afford it?
Research by Carbon Black, published by Computer Weekly, recently found that 85% of CIOs in the UK are not proactively looking for threats and deal with breaches only as they are discovered. The company’s chief security strategist Ben Johnston added that “none of those polled believe they can be breached without them knowing about it.”
Yet at the same time, the Guardian UK noted that “UK businesses are battling huge rise in cybercrime.” The article goes on to say that “In a report that singled out the UK as a hotbed of economic crime, PwC said the threat of cyber offences was now a ‘board-level issue’, but warned that not enough companies were taking it seriously enough.”
So while the UK is battling a “huge rise” in cybercrime, 85% of its (board-level) CIOs don’t seem too concerned about the threats and believe they’ll know if they’re breached.
It won’t come as a surprise to most that a security stance comprised simply of reacting to breaches, and not also taking proactive measures, is an expensive proposition.
As this article points out, the average cost of a data breach according to a study by IBM in 2014 was $3.8 million, up from $3.5 million the year before.
And while averages help to a degree to quantify risk, they pale in comparison to the potential of a serious breach, which can cost a company tens of millions more.
For example, Kaspersky discovered a cyber heist in which hackers netted an estimated $1 billion from 100 European banks.
The Sony hack resulted in the theft of major motion pictures that cost tens of millions to make, which were then released to the public for free.
The Ashley Madison hack robbed the company of the single most important asset it owned: the discretion it promised its customer base. It also likely resulted in the cancellation of its IPO, and exposed other secrets of its operations that it would rather have kept hidden.
It doesn’t take a rocket scientist to understand that being proactive, being vigilant, and watching traffic both from outside your enterprise and from within is the key to avoiding large losses, damage to your company’s reputation, and even legal issues.
Hopefully, those British CIOs who were interviewed by Carbon Black will wake up to the fact that the real cost of reacting to a breach can be much more than they bargained for, and start putting some proactive measures in place before the hackers catch up with them.