The average cost of a data breach is now $3.92 million. It takes, on average, 206 days to identify, and 73 days to contain according to IBMs 2019 Cost of a Data Breach Report. While these numbers may already seem high, they are global numbers and experts cited in the report explained that the US companies are experiencing even higher costs.
There’s really no point in debating it… Cybersecurity is expensive, but any effective cybersecurity initiative that costs at least a dollar less than the average is cheaper than the alternative if you experience a breach. Not to mention all of the extra costs that you’ll incur in legal, reputation, and loyalty over time.
To protect yourself against cyber crime, you will need to work on these three elements of your business.
Your technology and policies are only as good as the people managing them. There are two types of employee preparation you should consider:
Your cyber security policy should not be so complex that it’s difficult for employees to understand or comply with; however, it must be comprehensive enough to secure your business. Your policy must take into consideration industry best practices, regulatory compliance, privacy concerns, and any potential legal liability a breach could expose your business to. The Federal Communications Commission Cyber Security Planning Guide outlines the specific things that you should include. The NIST and MITRE ATT&CK frameworks are also available to guide you in creating solid policies and processes to better secure your business.
The technology and tactics that bad actors use are increasing in sophistication constantly. Tools to thwart them are also evolving, but not at the same pace - that’s why it’s crucial to stay as up to date as you can so you can stand a fighting chance. It makes sense to get the best hardware and software solutions you can afford - and keep them up to date with the latest updates and patches as they become available. When prominent companies push upgrades, this provides an alert to cybercriminals around security flaws. Seizing the opportunity to reap rewards from the slow to move, they immediately test them and capture immediate revenue. This CSO Online article, Security software reviews, 2019: Lab tests of today's top tools, outlines their top 22 picks from 2019.
If you can't afford the best, consider a Managed Security Services provider - they often have tools that are beyond what most small and medium businesses can budget. A managed security services provider can give you access to tools and deeper expertise while potentially saving you money before a breach.
A data breach could cost you your business - or millions of dollars and the loss of your reputation.
BlueVoyant provides advanced cyber threat intelligence, managed security services, and proactive professional services offering small and medium enterprises the same kind of software and level of services that large enterprises enjoy.