Globally, upper-level management in corporations big and small have a conundrum when deciding what to do about their information security strategy. It’s a hassle; it’s another expense; it’s unnecessary, they say. Do information security correctly, though, and you could save millions of dollars and headaches; when it comes to data breaches, it’s better safe than sorry.
A study recently released by the Ponemon Institute found that, between 2012 and 2013, cybercrime costs rose by 26 percent, jumping from an average of $8.9 million to an average of $11.6 million per attack, when factoring in direct and indirect costs as well as opportunity costs. Attacks are increasing in both number and sophistication, leading to more expensive fixes and a longer fix time after the attack.
The perception that integrating security into the software development lifecycle is a major inconvenience for developers can make them unwilling to fully participate in application security testing. It’s understandable, but if developers can see security vulnerabilities more as defects in the software’s code, the new mindset could perhaps offset their reluctance. Defects, in fact, that can bring a multimillion-dollar corporation to its knees, with an average repair time of 32 days and daily cost of $1,035,769.
The costliest crimes, accounting for over 55 percent of all cybercrime costs, are web-based attacks, malicious insiders, and DDoS (distributed denial of service) attacks, while the most common cybercrimes include DDoS, web-based attacks and malicious code. Almost no industry was spared either: average cybercrime costs for industries in 2013 ranged from $4.5M for retail and $6.8M for healthcare to $10.8M in the technology sector and a whopping $23M each for defense and financial services corporations.
In a separate survey, customers were asked how they would react to a business after a breach of their information. Trust obviously remains a huge issue when it comes to customer loyalty, as the study noted: around 55 percent of those surveyed admitted that they would change their banks after a breach, 46 percent would think about switching insurance companies, 42 percent would visit a different pharmacy and 40 percent would change their doctor or dentist.
All in all, the numbers here may be copious, but they don’t lie. Data breaches like the ones in recent weeks can wreak havoc on business operations. Just this week, European reward scheme Loyaltybuild (the irony should not be missed) suffered a breach of at least 375,000 credit card details in full, plus more than a million phone numbers and addresses.
Information security doesn’t need to be so scary. Proactivity is the prime solution, and a smart security strategy with fast turnaround on source code analysis can play a major part in mitigating future costs. Larry Ponemon, chairman and founder of the Ponemon research institute, says that equal parts breach detection and breach prevention solutions should be in place, so that “your detection systems allow you to recognize an attack quickly. Quick detection means quicker remediation and lower costs.” Pleading ignorance just won’t cut it anymore as customers quickly wise up. Act now, and you’ll rest eas(ier) later.