- June 10, 2020
- Posted by: Pat Riot
- Categories: CPA, CyberSecurity, Finance, Healthcare, Private Wealth, Security Operations
The biggest reasons small businesses typically do not have cybersecurity are that they believe they do not have the resources and that they are not a primary target in a cyber-attack. The unfortunate truth is that, according to the 2018 Verizon data report, 58% of data breach victims were small businesses, all of which had fewer than 250 employees. A majority of those reading this, us included, are nowhere near 250 employees. However, the numbers are still alarming, and we will do our best to give you a realistic range for the cost of a data breach. Healthcare and the financial industry are, by any report’s standard, the most targeted industries of all.
Why Target the Little Guy and What Makes Up the Cost of a Breach
Ivy Walker, a contributor to the ForbesWomen blog, made an interesting point about the Verizon report. She stated that the pattern of attacks seemed counterintuitive for two reasons. The first is what we would expect: the payoff is with the larger companies, so why target the “little guy”? The second correlates with the second half of the opening sentence: small businesses don’t feel like they will be a target because the news only shows massive data breaches. However, targeting a small business makes sense from a hacker’s standpoint. SMBs typically don’t have the overhead for cyber security personnel, they are likely to pay for recovery if a breach were to occur, and they are easier to target overall because they do not have the security a major corporation has or the education in place to prevent a cyber-attack. It is obvious that an attack affects a business in many ways, but the bottom line is that data breaches are destructive not only to a company’s network but to its client relationships as well, making loss of business the biggest cost of a data breach. That is before the potential $150-$450 penalty per record stolen, the hiring of a third-party cyber forensics team, compensation payments, and legal fees. Companies can spend up to 4 years recovering from the consequential impacts of a data breach, according to IBM’s annual Data Breach Report.
Leading the Race You Don’t Want to Win – How Healthcare is so Vulnerable
The HIPAA Journal states that a healthcare data breach typically costs 65% more than data breaches experienced by other industries. An average from 5 of the largest healthcare IT blogs shows the cost of each record stolen is $413.80, with a range of $380-$429 per record stolen. The most common way of sending malware is email, which is the transport method for 94% of received malware. In fact, 1 in 323 emails sent to SMBs is malicious. Email is so successful because we as humans are busy enough as it is, healthcare professionals arguably more than most, and that amount of chaos leads to simple human error. Healthcare professionals are flooded with emails every day. The one email that looks exactly the same as the last one your IT provider sent, but has two periods, is the one email that starts the catastrophe. And it may be years before you figure out that your network has been compromised. In a new Black Book Market Research survey, 96% of IT professionals agreed that data attackers are outpacing their medical enterprises, holding providers at a disadvantage in responding to vulnerabilities. Even more concerning is that physicians and dentists are 14% less likely than the national average to use the most basic form of email authentication.
Easy Money, Easy Target – Being Aware that you are Unaware
In the Financial Sector, the average cost for a stolen record is $210, per HIPAA Journal. Over 60% of all the exposed data in 2019 came from a financial service. Astoundingly, the Financial Sector only accounted for 6.5% of the overall data breaches. The average cost for an SMB in the United States is roughly $200,000-$2.5 million, which is enough to financially crumble a lot of sole-proprietor businesses, per IBM News. This is correlated with the lack of knowledge and awareness of security threats & protocols within financial organizations. A report from Accenture highlighted this general lack of awareness and knowledge in cybersecurity, stating that 43% of cyber-attacks target a small or medium-size business and only 14% of those companies are equipped and prepared for an attack. Smaller financial firms believe that they do not hold enough data to become a target for a cyber-attack, so they don’t feel the need to adopt sound security protocols, making them an easy, prime target for cybercriminals & organizations.
How to Protect Yourself – Cost vs. Reward
With the average cost of a data breach anywhere between $150,000 and $2.5M, and every industry continually digitizing and relying on its technology and data, there must be something an SMB can do to protect itself: outsourcing. Outsourcing your cyber security as an SMB not only increases efficiency and strengthens your security posture at a fraction of the cost of an in-house team, it actually saves you money, especially in the long run if, god forbid, a breach does occur. Having practical & innovative security services can save companies ~$1 million annually, per IBM News. Cybersecurity isn’t a luxury, it is a necessity, so it shouldn’t have luxury costs. Here at Steel Patriot Partners we can provide innovative machine-learning, artificial-intelligence-driven security software for a fraction of the cost of an average CISO or an in-house IT team.
What Does This Mean Realistically? – How Can It Affect You?
A local news report out of Richmond, VA stated that Virginia is 9th in the country for the highest number of breaches. Human error and system failure accounted for 52% of data security breaches, and an estimated 63% of confirmed data breaches leverage a weak, default, or stolen password. Couple that with the average breach costing well over $100k, and the cost of a compromised employee password is $383,365 on average. It certainly implies that cyber security should not only be at the forefront of the digital society we live in, which it is, but should also be a prominent topic of conversation for any SMB. If you ever have any questions regarding cybersecurity or want a second opinion, we at Steel Patriot Partners would be more than happy to help you through that process and help you create a more secure environment!