The Real Cost of Protecting Your Company from Cybercrime is NOT in Short-term Costs, But Long-term Savings
Thanks to: Doug Bonderud
What’s the real cost of cybercrime? It’s a hard number to pin down, since there are so many factors influencing the total for any given company. What was attacked? Was data stolen, damaged or destroyed? How long were network systems down? While there’s no hard and fast answer, it is possible to uncover some of the most common costs associated with cyber-robbery and data destruction — and more importantly, to suggest a way to mitigate these losses.
The first cost businesses face when they fall victim to cybercrime? Lost revenue. This might result from stolen corporate secrets, lowered sales volumes (if consumers are scared off after a credit card breach) or falling stock prices. As reported by HP Enterprise Security, the Ponemon Institute’s “2014 Cost of Cyber Crime” study shows cyberattacks resulted in losses of $12.7 million for companies in the United States. Next on the list are losses tied to investigation and cleanup.
This money must be spent first to find the source of a data breach or malware attack, and second to clean up any damage in the aftermath. In some cases, this means funding months- or years-long internal investigations about what happened, while in others — especially for well-known companies or those with extensive government ties — businesses must pay for outside investigators to uncover the cause. Systems must then be cleaned, re-secured and likely recertified before any sensitive data can be handled. Wondering about the cost? According to the International Business Times, Sony shelled out $15 million to investigate and clean up after its December 2014 breach.
Finally, companies must consider the cost of downtime. Even if data isn’t stolen or compromised, and even if consumers aren’t worried about their information being stolen, the costs of network outages in a technology market that expects 24-7 service can be crippling. A recent Information Age article estimated that downtime costs businesses $100,000 per hour, and yet 35 percent of companies estimate that fixing these critical network issues can take up to 12 hours.
What’s the common theme here? Reactive security. Each cost incurred comes after the fact — after data is stolen, after networks are damaged and after systems go down. What if there was a better way? There is: go proactive.
Here’s how it shakes out. Most breaches happen thanks to an insider or a security hole, either in-house or at a third-party provider. In many cases, security holes aren’t recognized until malware is past the gate and taking up residence in network systems, meaning it’s already too late. By opting for an integrated suite of pre-breach preventive services aimed at ensuring compliance with the myriad governing statutes, regulations, rules, and industry best practices, it’s possible to achieve continuous monitoring, both for internal software and programs from off-site partners.
Are there costs involved? Absolutely. According to a recent Forrester report, implementing an end-to-end security solution costs an average of $52,800 for implementation and $56,650 per year after the first year, resulting in a four-year total of $222,750. Sounds like a lot in isolation, but not so much when the real cost of cybercrime is tallied. What’s worse: spending just over $200,000 in four years, or $12 to $15 million per breach — along with $100,000 per hour in downtime?
Simply put, reactive security can’t buy lower costs. Spend on proactive tools and reduce the chance of a massive loss.
SureView® Insider Threat, by Raytheon|Websense, will ensure and enforce that compliance, while offering complete audit trails for all noncompliance events.
What’s more, our legal team develops corporate guidelines of acceptable use, called ‘policies’. These policies protect data access and usage across the enterprise in a manner conforming to compliance rules and regulations. Furthermore, these same policies are then utilized by SureView, which translates them into detailed ‘e-policies’ governing employees’ access, use, and transmission of data in real time. SureView Insider Threat then generates regular audit reports showing whether and to what extent users are following policies and where problems need to be addressed… and compliance enforced.
The result is data-security compliance on two closely related levels: legal compliance by the organization, and technical enforcement of acceptable-use compliance by its employees.