dcsimg
 
 
 
 
 

The Great IT Security Paradox

 
 
By Michael Vizard  |  Posted 2016-03-03
 
 
 
 
 
 
 
 
 
  • 1 of
  • Previous
    1 - The Great IT Security Paradox
    Next

    The Great IT Security Paradox

    Most execs say data breaches at their firms are inevitable, yet most believe their data is secure. This paradox makes selling security services difficult.
  • Previous
    2 - Inevitability of a Breach
    Next

    Inevitability of a Breach

    One-fourth (25%) said they are certain that data breaches will happen at their companies, and another 40% are pretty sure that their firms will become victims.
  • Previous
    3 - Level of IT Security
    Next

    Level of IT Security

    A full 65% believe all of their organization's data is completely or mostly secure; 73% believe their firms' critical data is completely or mostly secure.
  • Previous
    4 - Biggest Risks to the Business
    Next

    Biggest Risks to the Business

    At 18% each, information security is now tied for first with losing market share to competitors.
  • Previous
    5 - Information Security Paradox
    Next

    Information Security Paradox

    More than half (54%) describe information security as "vital" to their business. Yet more than half (56%) of companies are unable to guarantee that all their critical data is protected.
  • Previous
    6 - Cost of a Breach Based on Company Size
    Next

    Cost of a Breach Based on Company Size

    On average, a breach would cost companies just short of $1 million ($907,053). Companies with fewer than 1,000 employees averaged $362,550. Companies with more than 5,000 employees anticipate losing $1,465,976.
  • Previous
    7 - Cost of a Breach Based on Industry Vertical
    Next

    Cost of a Breach Based on Industry Vertical

    Computer services and technology companies anticipate losing $2,708,438, on average from a breach. This is far more than other sectors. Retail, distribution and transport companies come in second, with losses of $1,037,103.
  • Previous
    8 - Financial Damage From Breaches
    Next

    Financial Damage From Breaches

    On average, respondents estimate that revenue will drop by one-eighth (13%) as a result of a security compromise. Meanwhile, 54% said that their firms would face direct financial losses in the event of a breach, with 48% also citing financial penalties from regulators.
  • Previous
    9 - Damage to Company Reputation
    Next

    Damage to Company Reputation

    Six in 10 respondents point to reputational damage as a significant effect of a data breach, and 69% (the highest number of all) worry about loss of customer confidence.
  • Previous
    10 - Additional Costs
    Next

    Additional Costs

    Other costs after a breach are legal fees (19%) and the expense of compensating customers for the loss of their data (18%). Fines and compliance costs account for another 15%, while compensation for suppliers and employees costs 19%. Third-party remediation services make up just 15% of the anticipated breach recovery cost.
  • Previous
    11 - Information Security in Practice
    Next

    Information Security in Practice

    Eight in 10 respondents said that they are continuously improving and updating their security processes and features. Yet only 52% have a full security policy in effect, and 27% report they are in the process of implementing one. The remainder are either at the design stage or just thinking about it.
  • Previous
    12 - Security at Smaller Companies
    Next

    Security at Smaller Companies

    Only 43% of companies with 1,000 or fewer employees have a full policy in place, compared with almost 70% of companies with more than 5,000 people.
  • Previous
    13 - Data Recovery Plans
    Next

    Data Recovery Plans

    Almost half (49%) have a full recovery plan in place. However, more than half of all respondents are not fully aware of what is in their organizations' DR plans, and 14 % have no idea what would be needed of them in the event of a catastrophic data loss.
  • Previous
    14 - Value of Cyber-security Insurance
    Next

    Value of Cyber-security Insurance

    35% have a dedicated cyber-security insurance policy, although another 27% are actively working on getting one. Yet less than half of all participants whose companies have purchased cyber-risk insurance (46%) expect it to cover legal costs. Only four in 10 expect it to cover regulatory and government fines and remediation. Covering the loss of business and intellectual property is even less likely, at 25%.
 

On average, the total cost of an IT security breach is closing in on a million dollars. Although large companies have more at stake than smaller ones, fixing the breach only accounts for about 15 percent of the total cost, according to the findings of new survey conducted by Vanson Bourne on behalf of NTT Communications. Based on a poll of 1,000 business decision-makers, the study shows that legal fees, fines and compensating customers and suppliers for losses make up the vast majority of the costs incurred when an IT security breach occurs. For IT solution providers across the channel, that means the cost of contracting their security services is generally still a fraction of what's at risk. However, the challenge is that even though most executives expect security breaches at their companies, the majority still felt their data was secure. Unfortunately, that paradox often makes it difficult to sell additional security services until well after a prospective customer has already been victimized. Channel Insider looks at key findings from the NTT Communications research.