The cost of cybercrime is increasing year after year; but the cost needs to be measured in much more than dollars and cents.
Each year, Accenture publishes an Annual Cost of Cybercrime Study that combines research gleaned from 16 industries in 11 countries with interviews with more than 2,600 executives from 355 companies. The findings in the 2019 Study won’t make it easier for executives and IT professionals to get a good night’s sleep. Here are just some of the finding:
- Cyberattacks are increasing – Average number of security breaches went from an average of 130 in 2018 to 145 in 2019, an increase of 11%.
- Cybercrime costs are also increasing – Criminals are becoming more sophisticated in their efforts and the average cost for an organization has increased by $1.4 million leading to an all-time high of $13.0 million.
Please remember that these numbers are an average worldwide. We are all very aware of the multi millions and billions of dollars in breaches that major companies and corporations have faced. According to a Forbes article in 2018, the U.S. experiences the largest and most expensive breaches. “The potential cost of an incident depends on several factors with the financial impact rising in line with the number of records stolen. On average, each record
costs $148 and a breach of 1 million records costs $40 million while a breach of 50 million costs $350 million.”
Assessing the true cost of cybercrime
Most people, especially those who have not suffered any consequences from a data breach, think the impact is all about money. But at a recent meeting I attended, I found that is far from the whole story; that there can be an emotional, social, and human cost as well.
John Sileo of the Sileo Group used his experience as a victim of cybercrime to prove this point and to make companies realize that cybercrime is not just an IT problem…it needs to be addressed company-wide. Sileo’s identity was used by one his company’s insider to commit multiple felonies, for which Sileo was held legally and financially responsible. His company was destroyed, along with his finances. He spend two years fighting to avoid jail, so he knows how cybercrime can affect much more than just the company bottom line.
According to Sileo, there are things that organizations should do, besides rely on IT:
- Consider the worst case scenario for your company and bring together a team that will work to build a strategic action plan. Each potential risk will need its own action plan.
- Empower your employees to be the first line of cyber defense teaching them not to give out any information until they verify who is asking. Plus, inform them how to make sure that links are legitimate before they click on them.
- Create strong passwords, using a custom alphanumeric code that is less easy to hack. Longer is better since four and six digit passwords are easy to hack.
- Use aggressive spam filters, disable Office macros and compartmentalize date and segment users.
- Keep systems updated. This is especially true if you have older computers and outdated software.
These are steps every company needs to take. Remember, it’s not a matter of “if” you will be hacked, but more likely “when,” so it’s vital to do everything you can to protect your data. And that means making cyber defense the responsibility of everyone in your company.
Read my full blog on this topic on FleetOwner’s IdeaXchange.