There are many things that a company can do to reduce the cost of a data breach, if one happens. Including these activities in your approach to cybersecurity can be an effective way to further reduce cybersecurity risk.
Models for the cost of a data breach that are based upon historical industry data reveal a large "tail" distribution for the cost. For ten percent of companies that experience a large data breach, the costs can be quite high. Two important costs are investigation and notification. This presentation identifies actions that can be taken to lower the cost of investigation and notification.
2. What is the Long Long Cyber Risk Tail?
[Figure: distribution curve. Axes: Likelihood of Breach Cost; Breach Cost (Millions), $0 to $70.]
Figure annotations:
80% Confidence (80% of data breaches will cost less)
90% Confidence (90% of data breaches will cost less)
10% of breaches fall here – within the long long tail.
Distribution for the possible cost of a data breach that exposed personal and financial data for 300,000 people and that was caused by a malicious outsider. This distribution is a prediction from a linear regression model trained upon a large number of data breaches, covering a large range of industries, incident types, data types and people affected. While the cost of most breaches is less than $10 million, a significant portion are much larger – the long long tail.
3. Breakdown of Data Breach Cost
[Diagram. Labels: Breach Company; Public & Other Businesses; Mitigate; Transfer via suits; Total Cost.]
Cost categories shown:
Investigation
Notification
Call center
Remediation
o Business Loss
o Damage to personal credit
o Theft of money & goods
o Credit card replacement costs
Business loss; theft of money & goods
Credit monitoring & privacy insurance.
Fines & settlements
Callouts:
The cost of a security firm to investigate and report on the activities of a malicious intruder.
Legal response to the many many government agencies that require notification.
4. Variable Costs that Dominate the Tail
[Figure: distribution curve. Axes: Likelihood of Breach Cost; Breach Cost (Millions), $0 to $70.]
Cost categories shown (diagram label: Breach Company):
Investigation
Notification
Call center
Remediation
Business loss; theft of money & goods
Credit monitoring & privacy insurance.
Fines & settlements
5. How to Control Variable Costs that Dominate the Tail
[Diagram. Labels: Breach Company; Public & Other Businesses; Mitigate; Transfer via suits.]
Cost categories shown:
Investigation
Notification
Call center
Remediation
o Business Loss
o Damage to personal credit
o Theft of money & goods
o Credit card replacement costs
Business loss; theft of money & goods
Credit monitoring & privacy insurance.
Fines & settlements
Callouts:
Make sure you are capturing information that can speed the investigation. Engaging a security firm early can save millions.
Engage a law firm early, negotiate costs and be prepared.
Reduce probability of a lawsuit by engaging a law firm to review contracts and advertising promises.
6. Actions to Reduce Your Tail
✓ Engage a law firm; negotiate notification costs
✓ Strengthen contracts with partners; be careful with advertised promises.
✓ Engage a security company, instrument your enterprise, negotiate investigation costs
✓ Use a Cyber Loss Model to clarify potential loss; consider Insurance.
VivoSecurity Inc.
Contact: ThomasL@VivoSecurity.com