The economic impact of a work from home cyber security breach can be complicated.
There are many factors that play into how much your company could lose if a ransomware attack or data breach occurs. Some of these include:
- Choices your business makes on how data will be handled
- The remote access solution you choose
- Cloud desktop thin clients vs VPN access
- SSL/user credentials
- Two-factor authentication
Other factors may fall outside of your direct control. For example:
- The speed and consistency of your employees' internet connections
- The performance of your employees' personal computers
- The operating system they are using
- Their antivirus and security tools
- Whether they share the computer with other family members
We’re in Uncharted Territory
For the first time in recent history, most employees are working from home. Parking lots remain empty and office lights are off; the sound of a busy office has been replaced with the whir of the Keurig in your kitchen and potentially the kids getting homeschooled.
Data security has long been the domain of the IT department, but now data security must begin with the employee. Each employee has a role to play in preventing a data breach or ransomware outbreak.
The first rule of gun safety is “to treat every firearm as if it is loaded.” We need to apply this same level of scrutiny to emails and email attachments. Employees will need to review every email and analyze every link and file to determine its validity. When in doubt, employees need to contact the IT department before proceeding.
Should a small business be concerned about a data breach?
The short answer is yes!
Smaller organizations with 500-1,000 employees had an average cost of $2.65 million or $3,533 per employee. This is one of the hidden costs of a data breach. Small organizations are hit more than 10x harder than large organizations, which can result in an irrecoverable impact on their bottom line (source).
How long does a data breach impact an organization?
According to one data breach study of 86 companies over multiple years, one-third of data breach costs occur more than a year after the incident. 67 percent of breach costs came in the first year, 22 percent accrued in the second year and 11 percent accrued more than two years after a breach.
Looking Beyond the Financial Impact
Security breaches have a very real financial impact, but the costs go well beyond dollars and cents. Data breaches have outside consequences as well.
Some of these consequences include:
- Lost reputation
- Lost productivity
- Loss in revenue: lost sales and customer churn
As you can see, there are ramifications that fall outside of pure dollars and cents.
Cyber insurance can often replace lost revenue and help with fines. However, you can’t purchase an insurance policy that can restore your business’s reputation. You spent years building your brand and establishing trust with your customers. Don’t let a security breach destroy all your hard work.
What price can be put on your company’s reputation?
A recent study suggests 80% of a purchasing decision is made based on research conducted online. That means when a customer contacts you, they have already done their homework. Lost business was the largest of the four major costs that contributed to the total cost of a data breach. The average cost of lost business was $1.42 million and caused 3.9 percent of customers to churn. Protect your company’s reputation like you would your bank account numbers or alarm security code.
A typical ransomware attack takes 16.2 days to fully recover from. Can you survive three business weeks without processing accounts receivable or invoices?
Companies with security tools that reduced the need for human intervention saw significantly lower costs after experiencing a data breach: 51% of those who did not have automation. It’s actually becoming more costly to not use automation!
What steps can a small business owner take?
- Security Awareness Training: the first line of defense is to train employees on what NOT to click on!
- Managed End Point Detection and Response
- Security Operations Center (SOC)
- Spam Filtering
- Dark Web/ URL- DNS filtering
- Password protection tools: is your accountant’s password the same as her Facebook account?
In 2019, the average cost of a data ransom was $84,116.00.
We aren’t talking about pocket change. Does your company have an additional $84,000 set aside for a rainy day?
When lost revenues, customer churn, regulatory fines, and reputation impact over three years are calculated, the loss is generally well over a million dollars.
You’ve got Cyber Insurance so you’re safe…. Right?
You may have cyber insurance, and that’s great. Before the insurance company is going to pay, they are going to want to perform an analysis of the breach. Their investigation will need to show that your company wasn’t negligent in any area. The insurance company isn’t going to simply write you a check because you contacted them. They take their time, most likely longer than 16.2 days, and more than likely over 90 days.
Cyber insurance isn’t going to recover your data. It is meant to help alleviate the financial burden of a ransomware attack. You should consider cyber insurance as a safety net only. Having an incorrect understanding of your cyber insurance policy could leave you exposed financially.
“What are the odds? I’m too little.”
The chance of experiencing a data breach was 29.6 percent in 2019, an increase from 27.9 percent in 2018. In the span of six years, the likelihood of a data breach within two years grew 7 percentage points, a 31 percent increase in the odds of experiencing a breach within two years.
Your organization is nearly one-third more likely to experience a breach within two years than it was in 2014.
What do all these numbers mean, and especially how do they impact work from home?
Perhaps the scariest part of many of the numbers shown in this article is that they are from 2019, before the pandemic and the work-from-home wave began. This study was created with numbers based on employees in the office, with IT people protecting the perimeter, using proven tools and setting policies that were shown to be effective.
The “horses are out of the barn” so to speak! It is hard enough to keep security tight in a managed office setting, and now everyone has been sent home with little to no training on how to work safely, and in most cases, no written policies specific to working from home that are security focused.
Prediction for 2020
The cost of data breaches on average may come down in 2020. The total cost is unfortunately more likely to triple! The conclusion? We have a mostly untrained and minimally protected, target-rich environment for cyber criminals! The cyber criminals were rapidly gaining ground, and now they are organized, multimillion-dollar criminal and foreign state organizations.
However, it’s not too late to start training your employees, use security automation, and fight back.