Data protection in the electronic age By Grant Cameron
A
ccording to a PricewaterhouseCoopers survey conducted in 2013 the number of cyber security incidents globally soared to 42.8 million, up 48 percent from 2012, while the average loss for a large company rose from US$3.9 million to US$5.9 million. Companies that saw major cyber breaches in 2103 and 2104 included Target, Home Depot, Neiman Marcus and JP Morgan Chase & Co. To help you to understand the scale of these breaches the Target incident saw the debit and credit cards of 40 million customers stolen as well as the PIN numbers, emails, and addresses of 70 million people. A number of class action lawsuits have been brought against Target with some analysts anticipating the Target breach costs to pass US$1 billion, exceeding their insurance limits. In September 2014 Home Depot announced that a cyber attack that lasted for five months resulted in credit card details for 56 million customers being stolen. In October this year JP Morgan Chase confirmed 76 million households and seven million small businesses were impacted by a cyber attack in June and July. Price of hacking The costs of being hacked often surpassed the actual cost of remedying the cause or causes of the cyber security breach itself and is illustrated
28
The Link
Issue 6/2014
accordingly below. Average costs of a date breach are: • • • • •
Lost business costs: US$ 3,300,000 Post-breach costs: US$1,600,000 Legal defence costs: US$ 574,000 Notification costs: US$ 509,000 Legal settlement costs: US$ 258,000
A Poneman Institute study also found that, on average in the US, a data breach resulted in around 29,000 compromised data records with an approximate cost of about THB 6,400 per record. The study found that the most costly and damaging element of a data breach was the loss of a company’s reputation and the loss of customer loyalty.
The most costly data breaches were malicious and criminal attacks which accounted for 42 percent of all breaches, followed by human error (negligent employee or third party contractor), IT system glitches and business process failures. Worryingly, one fifth of data breaches came about from lost or stolen mobile devices such as laptops, tablets and mobile phones. It is not only ‘big business’ that is being attacked. SMEs are being attacked to a greater degree as they are potentially easier targets with lower budgets to expend on the various elements of cyber security protection. The UK’s Financial Mail on Sunday reported that small and medium sized businesses underestimate the threat that cybercrime poses to