Compliance Enforcements Rise with Data Breach Costs

If you missed the news, data breaches are still a costly affair, and that cost keeps going up. If you have been hit by a data breach, you probably already knew that. The 2022 Ponemon Institute/IBM Cost of a Data Breach Report came out recently and found that the average cost of a data breach climbed to $4.35 million—an all-time high for the study, which has been tracking the financial impact of a data breach for nearly twenty years. The first Cost of a Data Breach Report came out in 2005.

Over that time, the costs associated with information security failures have become a matter of interest to a lot of organizations, and with good reason. While the Ponemon study looks at the average cost, the actual cost of a data breach can be much higher, and with large enterprises operating with huge stores of sensitive data, the scale of a data breach can be massive.

Data Breaches on a Massive Scale

According to CSO Magazine, the biggest data breaches as measured by individual files compromised include:

  • Yahoo – 3 billion
  • Alibaba – 1.1 billion
  • LinkedIn – 700 million
  • Sina Weibo – 538 million
  • Facebook – 533 million
  • Marriott International – 500 million

As for the financial impact, the most expensive data breaches on record go well beyond $4.35 million, including one breach that was nearly a thousand times bigger. In its Touchpoint blog, data confidentiality company Firmex reported the top ten breaches (so far) when measured in dollars, including:

  • Epsilon – $4 billion
  • Veterans Administration – $500 million
  • Hannaford Brothers – $252 million
  • Sony PlayStation – $171 million
  • Target – $162 million
  • TJ Maxx – $162 million
  • Heartland Payment Systems – $140 million
  • Anthem – $100 million
  • Sony Pictures – $100 million
  • Home Depot – $56 million

Paying the Cost of Inaction

Despite the well-documented history and clear risks associated with data breaches, organizations seem to lack a real sense of urgency to mitigate those risks and close their security gaps. In a recent Privacy & Cybersecurity Viewpoints Today newsletter from law firm Mintz, attorney Michael Graif wrote, “As the rate of international cyberattacks increases, it is essential that corporations that collect and store their customers’ personal data keep it safe from breaches. But even large corporations can be slow to act in order to implement effective data protection.”

Writing from his perspective in New York, and observing actions taken by New York Attorney General Letitia James against companies like Carnival Cruise Line and Wegmans Supermarkets, Graif described increasingly aggressive enforcement actions on the part of his and other states’ attorneys general in the face of this corporate slow roll, warning, “Businesses that collect data from New York residents would do well to take note, and to ensure that their security measures meet the state’s standards.”

A Growing Frustration

Maybe those increasing enforcements are a natural result of momentum as case law builds and precedents are established. Or maybe they are born of a growing frustration, articulated by Senator Ron Wyden, who said in a recent interview with MIT Technology Review, “There’s a tendency to hype the capabilities of the hackers responsible for major cybersecurity incidents, practically to the level of a natural disaster or other so-called acts of God. That conveniently absolves the hacked organizations, their leaders, and government agencies of any responsibility. But once the facts come out, the public has seen repeatedly that the hackers often get their initial foothold because the organization failed to keep up with patches or correctly configure their firewalls.”

Keeping data secure is a business imperative, and it doesn’t have to be difficult. Easily implemented technologies and programs designed to keep data safe both in transit and in storage are readily available, and they need only intentional deployment and continued maintenance. Coviant Software can help by effortlessly securing and automating vital file transfers, including those with regulated data. Our award-winning Diplomat MFT secure managed file transfer platform has been helping enterprises large and small do it for nearly twenty years.

 
