sb-nz logo
Story image

Businesses can save on the hefty cost of a security breach if they're honest

SMBs and enterprises that disclose breaches proactively tend to experience 40% less financial damage, according to new research from Kaspersky.

The Kaspersky report, ‘How businesses can minimise the cost of a data breach’, reveals that there is a correlation between the way a data breach is disclosed and the total financial losses an organisation experiences following a cybersecurity incident.

The research shows that SMBs which decide to voluntarily inform their stakeholders and the public about a breach, on average, are likely to lose 40% less than their peers that saw the incident leaked to the media.

The same tendency has also been found to be the case in enterprises.

Failure to suitably inform the public about a data breach in a timely manner can make the financial and reputational consequences of a data breach more severe, Kaspersky states.

Some high-profile cases include Yahoo!, who was fined and criticised for not notifying their investors about the data breach it experienced, and Uber’s fine for covering up an incident.

Kaspersky’s report, based on a global survey of more than 5,200 IT and cybersecurity practitioners, shows that organisations that take ownership of the situation usually mitigate the damage.

Costs for SMBs that disclose a breach are estimated at $93k, while their peers that had an incident leaked to the media suffered $155k in damage.

The same is the case for enterprises. Those that voluntarily inform their audiences about a breach experienced less financial damage (28%) than those whose incidents were leaked to the press - $1.134 million compared to $1.583 million.

Only around half (46%) of businesses revealed a breach proactively, according to the research. Furthermore, 30% of organisations that had experienced a data breach preferred not to disclose it. Almost a quarter (24%) of companies tried to hide the incident but saw it leaked to the media.

Although minimal losses were reported by businesses that managed not to disclose the incident, this approach is far from ideal, the researchers state.

Such companies are at risk of losing even more if - or more likely when - a cybersecurity incident is revealed to the public against their intentions.

The survey further proved that risks are especially high for those companies that couldn’t immediately detect an attack.

29% of SMBs that took more than a week to identify that they had been breached found the news in the press, which is double those that detected it almost immediately (15%).

For enterprises, these figures are similar at 32% and 19% respectively.

Kaspersky senior product marketing manager Yana Shevchenko says, “Proactive disclosure can help turn things around in a company’s favor - and it goes beyond just the financial impact.

"If customers know what happened firsthand, they are more likely to maintain their trust in the brand. Also, the company can give its clients recommendations on what to do next so that they can keep their assets protected.

"The company can also tell their side of the story by sharing reliable and correct information with the media, instead of publications relying on third-party sources that may depict the situation incorrectly.”

Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More
Story image
Advanced threat actors engaged in cyberespionage up their game
"This recent activity signals a major leap in their abilities."More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
Video: 10 Minute IT Jams - Who is Okta?
Okta is an identity and access management company, specialising in secure user authentication. It's an enterprise-grade identity management service, built for the cloud, but compatible with many on-premises applications.More
Story image
Gartner: Top security and risk management trends for 2021
“CISOs are keen to consolidate the number of security products and vendors they must deal with."More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More