How much does a security breach really cost?

When news of a security breach creates headlines, its newsworthiness can be really attributed to the prestige or authority of the organisation in question as well as the number of stakeholders it affects, the financial costs or both.

What many fail to comprehend, (through lack of reporting or otherwise) is the true cost of a security breach.

In 2013, Symantec Corporation and Ponemon Institute conducted a comprehensive study into the myriad of costs involved in document breach incidents. The 2013 Cost of Data Breach: Australia study was the fourth annual benchmark study conducted to inform Australian companies of emergent and continuing trends.

Overall, the study revealed that the breaches continue to have a devastating financial affect on businesses with the average per capita cost rising from $138 to $141.

Worryingly, the average number of breached records was 20, 252, resulting in the necessary notification by law of these breach victims.

It goes without saying that financial loss is not the only cost counted in a security breach. The consequences for individual clients are felt keenly on the basis of their limited understanding and diminished protection.

For organisations, the economic impact of lost or damaged customer/client trust and confidence can be particularly damaging.

The most revealing data unveiled seven factors that influenced the costs associated with security breaches:

  1. The company had an incident management plan. 43% of organisations interviewed had a security breach incident management plan in place at the time of the breach event.
  2. The company had a relatively strong security posture at the time of the incident. Again, 43% of organisations had a security effectiveness score (SES) at or above the normative average. Symantec and Pnemon measured the security posture of each participating company using the Security Effective Score (SES) as part of the benchmarking process.
  3. 38% of organisations have centralised the management of document protection with the appointment of a C-level information security professional.
  4. Information was lost due to third party error. 33% of organisations had a breach caused by a third party, such as vendors, outsourcers and business partners.
  5. The company notified breach victims quickly. 33% of organisations notified breach victims within 30 days after the discovery of loss or theft.
  6. The breach involved lost or stolen devices. 29% of organisations had a data breach as a result of a lost or stolen mobile device, which included laptops, desktops, smartphones, tablets, servers and USB drives containing confidential or sensitive information.
  7. Consultants were engaged to help remediate the breach. 33% of organisations hired consultants to assist in their data breach response and remediation.

To mitigate the chance that your organisation is affected by the innumerable costs associated with a document breach, you must invest in a secure and trusted paper shredding company. Metropolitan Shredding Service is the premier paper shredding company in Australia. A member of the National Association for Information Destruction, Metropolitan Shredding Service provides document shredding services and record destruction to small businesses, large commercial, Government offices, medical offices, legal officer and international offices where optimum levels of security are required. All document destruction and shredding services are undertaken at our high security facility.

For more information or to organise an appointment, contact us on 1300 677 074.