Data security breaches differ in size and scope, and it’s no secret that organisations targeted by hackers often face serious financial and reputational repercussions.
As our research reveals, large-scale social media attacks are becoming increasingly common, which places vulnerable users at risk of having identifying information like usernames, passwords and phone numbers exposed.
For many, the most damaging after-effect of a data breach is the financial loss incurred from lost data records and GDPR penalties. However, many organisations don’t factor in the cost of reputational damage, despite IBM’s 2019 study on the Cost of a Data Breach revealing that lost business was the biggest contributor to breach costs.
What is the cost of a data breach?
How much a business stands to lose depends on how long it takes an organisation to identify and then contain a breach, which correlates to the number of records stolen. In 2019, the average cost per lost or stolen record was £120, as it took organisations 206 days to identify an incident and a further 73 days to contain it.
Social media companies are more likely to face higher financial impacts as a result of a large-scale breach, having experienced the greatest number of compromised records over the first half of 2018 with 2.5 billion, representing a 14,927% increase on the previous year. Social media platforms are also prone to GDPR penalties because of the private information they hold.
If your organisation handles the personal data of EU residents, then it’s vital that you invest in effective GDPR implementation to avoid costly fines. The key requirements of the new GDPR guidelines include anonymising data to protect privacy, providing data breach notifications and gaining the consent of subjects for data processing. Without these assurances in place, organisations can lose between 2% and 4% of their annual revenue.
How can I prevent a data breach?
The most effective way to prevent a data breach is preparation: investment in security protocols and training should be paramount for any organisation. Bill Strain, Product Development Director at iomart, says: “Many smaller businesses wouldn’t survive the operational impact of a successful cyber-attack, let alone the financial one of a punishing fine on top.
“Looking at your potential risk and knowing where your data is, controlling who has access to it, and making sure it’s secure should be an absolute priority. It’s still the case that most cyber-attacks start by exploiting our human vulnerability. By training staff to spot suspicious emails or links you can lock the front door and then use technological solutions to ensure the hackers can’t get in around the back.”
To create an effective defence against a data breach, organisations should:
- Keep IT systems and software up to date
- Store sensitive data separately
- Control users’ access and privileges
- Secure the email gateway
- Do regular off-site backups of your data
- Provide regular security training for all staff