The Digital Age has accelerated business in every industry. Yet, with digital advancements come new risks, including the potentially devastating impact of a data breach. These cyber events can affect any business, though there are several tactics organizations can deploy to decrease their vulnerability. Here’s what to know about the potential implications of a data breach and how to control your risk.
The Far-Reaching Impact of Data Breaches
Data breaches can affect a company in several ways. For one, the company may suffer permanent reputational damage. Both existing and potential customers lose trust in a business when personal data is exposed. This damage can be costly and cut deep into a business’s profits, with lost business accounting for 40% of the total cost of a data breach on average.
The other costs associated with data breaches can overwhelm businesses, too. Regulatory violations can add up: PIPEDA, the Canadian federal law that governs the collection and use of personal data, carries fines of up to $100,000 per violation. Insurance companies impose their own penalties, too. Premiums for business insurance can increase up to 200% for the same coverage after personal data is leaked. Once the loss of intellectual property and competitive advantage, along with operational downtime, is factored in, the total cost of a data breach can climb steeply.
While it can vary based on the industry and size of the company, the average total cost of a data breach is $3.86 million. For healthcare, the industry in which data breaches are most expensive, the cost is nearly double that figure, at $7.13 million. These losses are significant for large companies, but they could bankrupt a smaller organization.
The Newest Wave of Data Breaches: Ransomware Attacks
As technology evolves, so do cybercriminals. Ransomware is an increasingly popular tactic: a type of malware that encrypts data and renders it unusable to the business. In exchange for decryption and access to the data, hackers demand a ransom.
Ransomware attacks are growing in scale and happening at an increasing rate. This form of cybercrime is quickly becoming one of the world’s most pressing data security concerns, and 2021 has already seen a number of attacks:
- In March, computer manufacturer Acer was targeted by the notorious hacker group REvil, which demanded the largest known cybercrime ransom of $50 million. Acer originally offered to pay $10 million, but REvil has since appeared to go offline and it’s unclear whether any payment was made.
- In May, the world’s largest meat packer JBS had to stop operations in North America and Australia after an attack impacted their IT systems. The company paid $11 million to regain control of their data and restore operations.
- The U.S.’s Colonial Pipeline was also attacked in May as a result of a compromised password. The company’s CEO paid $4.4 million in ransom to a Russian cybercrime group to resume operations.
- The Washington D.C. Police Department was another victim in late spring. A ransomware gang seized 250GB of files and threatened to release them if a ransom of $4 million wasn’t paid. Ultimately, the files were released, and the volume and sensitivity of the data appear to have been exaggerated.
A Common Vulnerability: Poor Data Destruction Policies
All businesses should have a robust data security program that encompasses employee training, routine backups, and a strong IT infrastructure. Beyond that, there’s a very simple threat that’s often overlooked: what happens to devices once companies are done with them.
Cybercriminals seek out organizations that may lack sound data destruction policies. Data that’s at rest in a low-security warehouse or in transit without proper protocols is vulnerable to cybercrime. As such, data security and data destruction cannot be viewed as separate issues. They are inextricably linked, and all companies should have data security policies that ensure data on devices no longer in use is promptly and effectively destroyed by a certified, experienced ITAD company.
No matter your company’s size or industry, Quantum offers options for data destruction for your unneeded IT assets. Whether you choose to have your equipment refurbished or recycled, processed onsite or picked up, our team can safely eliminate any trace of data from your devices.