It should come as no surprise, but data breaches are costly for organizations. Each stolen record containing sensitive or confidential information costs an organization an average of $158, according to the 2016 Ponemon Cost of Data Breach Study released last month. That price more than doubles – to $355 – when looking at a highly regulated industry such as healthcare.
Those costs add up. The final tally for an average breach is now a whopping $4 million. That’s up from the $3.79 million last year and a 29 percent in total costs since 2013.
Clearly, data breaches have a significant impact on business. In fact, the biggest financial consequence often comes in the form of lost customers, according to Ponemon. The findings confirm what others surveys have recently reported: consumers are increasingly unforgiving when it comes to data breaches, particularly younger generations.
A FICO survey found that 29 percent of millennials will close all accounts with a bank after a fraud incident. Not only will they take away their own business, a significant percentage will actively campaign against others using the bank. A quarter will turn to social media with negative posts, and more than a fifth will actively discourage their friends families from using the services.
Can the C-Suite Make a Difference?
It’s not all bad news when it comes to cybercrime-related research though. In fact, The Economist Intelligence Unit recently found that certain types of organizations are having at least some success when it comes to fighting against the tidal wave of cyber-attacks. Making cybersecurity a priority at the top of an organization can have a significant impact on cyber risk.
According to the survey:
- A proactive strategy backed by an engaged C-suite and board of directors reduced the growth of cyber-attacks and breaches by 53% over comparable firms.
- This includes a 60% slower growth in hacking, a 47% slower growth in ransomware, and a 40% slower growth in malware attacks than their less successful counterparts.
- Successful firms were also 56% more likely to maintain a standing board committee on cybersecurity.
Unfortunately, many organizations are either overwhelmed with low-level data and tasks, or they are unable to clearly articulate relevant threats to those executives. This leaves them more vulnerable to the various cyber threats facing their organizations — and the potential costs and other fallout associated with those incidents.
That’s why it’s crucial that those in the C-suite and on the board of directors have strategic threat intelligence — including dark web data on the cybercriminals themselves — provided in a clear, concise and ongoing manner. It is possible to stem the tide of cyber-attacks with a combination of the proper leadership, expertise and tools, but all too often those organizations are operating without a crucial piece of the puzzle — the high-level threat intelligence to help guide those decisions.
Taking Action with Threat Intelligence
Much has been written about the cybersecurity knowledge gap in the C-suite; however, that issue runs both ways. Earlier this year, ISACA released its State of Cybersecurity: Implications for 2016 report, and they found that respondents “overwhelmingly reported that the largest [skills] gap exists in cybersecurity and information security practitioners’ ability to understand the business.”
This is a crucial problem as security experts continue to hammer home the point that cybersecurity is no longer an IT problem, but a business one. Cybersecurity employees understanding business concerns and business executives understanding cybersecurity concerns isn’t just an aspiration, it’s a necessity for properly managing cyber risk.
That collaboration and understanding is at the heart of effective cyber threat intelligence.
Effective threat intelligence empowers those in the C-suite and board of directors with relevant and easy-to-comprehend information about the most important cyber threats impacting their business, their competitors and their supply chain. Effective threat intelligence also serves as a guidepost for those in IT to ensure that tactical defenses and resources are aligned with the most pressing business concerns.
In short, threat intelligence is a key component in getting away from the never-ending game of whackamole that results from blindly chasing down the latest headline-grabbing cyber threats and instead operating with a more thoughtful, harmonious and strategic approach. It’s applying the same combination of technical analysis and business insight that are commonplace in other key areas of the organization in order to achieve the biggest return on your cybersecurity investment.
It’s no wonder then that those organizations are seeing the best results when it comes to reducing their overall cyber risk.