Tuesday, October 31, 2017

What is the cost of a data breach? A Canadian Report

By: Allan Kennedy   Categories:Blog, Data Protection, Network and Security

What is the cost of a data breach? A Canadian Report
The marketplace is seeing an increasing growth in cyber threats and their sophistication. One of the ways to keep informed and be prepared for a potential cyber breach is to look at current security trends in Canada and the cost of such a data breach on an organization.

Cyber security experts are raising the flag that any business whether large or small can be vulnerable to attacks. Hackers are constantly on the lookout for a way to maneuver their way into your site if the proper controls aren’t in place to detect their snooping. It’s a very profitable activity that is impacting Canadian private and public organizations.

Below are two recent examples of Canadian organizations that were affected by cyber attacks and the costs associated with those attacks:

2016: The University of Calgary paid $20,000 to be able to get back control of its computer system after it was hit with a ransomware attack.
2017: Lakeridge Health in Oshawa, a southern Ontario hospital, was affected by the global ransomware attack, known as WannaCry, that hit hospitals, companies and government offices in nearly 100 countries mid-may. No cost related information has been available.

These experiences serve as a strong financial incentive for companies to protect their websites and IT systems from cyber attacks. The costs of an attack can be very high to cover for investigative expenses, response and aftermath costs. Additional losses continue to accrue after the event due to customers leaving after its reputation takes a negative hit. That is in addition to costs related to potential customer settlements if you are in the retail business.

The ten biggest expenses related to data breaches are:

1. Remediation
2. Loss of customers
3. Business disruption
4. Regulatory fines
5. Legal costs
6. Public relations
7. Breached client records
8. Direct financial loss
9. Notification costs
10. Credit card reissues, identity theft repair, and monitoring

Ponemon Institute’s 2017 Cost of Data Breach Study

The report is an industry benchmark and country-specific study, that was independently conducted by the Ponemon Institute and sponsored by IBM Security.

The 2017 study looks at the costs incurred by 27 Canadian companies from 12 different industry sectors following the loss or theft of protected personal data and the notification of breach victims as required by various laws. It is important to note that costs reported in this research are not hypothetical but actual data loss incidents. They are based on estimates provided by individuals interviewed over a 10-month period in the companies represented in this research.

The report states that the average per capita cost of a data breach decreased from 2016 to 2017.

Here is a summary of data breach costs in the Canadian report:

•  27 Canadian companies participated in the study
•  $5.78 million is the average total cost of data breach
•  4% decrease in the total cost of data breach
•  $255 is the average cost per lost or stolen record
•  9% decrease in the cost per lost or stolen record

Components of the cost of data breach that affect the cost:

• The unexpected and unplanned loss of customers following a data breach (churn rate)
• The size of the breach or the number of records lost or stolen
• The time it takes identify and contain a data breach
• The detection and escalation of the data breach incident
• Post data breach costs, including the cost to notify victims
• An attack by a malicious insider or criminal is costlier than system glitches and negligence (human factor)

According to the report, the number of breached records per incident this year ranged from 4,300 to 69,844 and the average number of breached records was 21,750. Data breaches involving more than 100,000 compromised records were not included as they are not representative of data breaches most organizations incur and would have artificially skewed the results.

Download the full report here

Can Your Business Afford a Cyber Attack?

The cost of a data breach differs for every organization due to a multitude of factors as this report states. How much would it cost your organization if you were hit by a cyber attack with the Cost of Breach Calculator.
Find out even more about threats prevalent in various industry sectors.

Are your cyber security policies and procedures up to date? Do you need help in identifying potential threats? Get in touch with me to get a conversation. We’re here to help.

Allan Kennedy
Senior Account Executive

Contact author


CategoryID: 15