Data breach

Most executives say a data breach at their firm is likely or certain, yet most also believe their data is secure. This paradox makes selling security services difficult.

One-fourth (25%) said they are certain that data breaches will happen at their companies, and another 40% are fairly sure that their firms will become victims.

A full 65% believe all of their organization’s data is completely or mostly secure; 73% believe their firms’ critical data is completely or mostly secure.

Information security is now tied for first among the concerns respondents named, alongside losing market share to competitors, at 18% each.

More than half (54%) describe information security as “vital” to their business. Yet more than half (56%) of companies are unable to guarantee that all their critical data is protected.

On average, respondents estimate that a breach would cost their companies just short of $1 million ($907,053). Companies with fewer than 1,000 employees estimate $362,550; companies with more than 5,000 employees anticipate losing $1,465,976.

Computer services and technology companies anticipate losing $2,708,438 on average from a breach, far more than any other sector. Retail, distribution and transport companies come second, with anticipated losses of $1,037,103.

On average, respondents estimate that revenue will drop by one-eighth (13%) as a result of a security compromise. Meanwhile, 54% said that their firms would face direct financial losses in the event of a breach, with 48% also citing financial penalties from regulators.

Six in 10 respondents point to reputational damage as a significant effect of a data breach, and 69% (the highest number of all) worry about loss of customer confidence.

Broken down by share of the anticipated recovery cost, legal fees account for 19% and compensating customers for the loss of their data for 18%. Fines and compliance costs account for another 15%, and compensation for suppliers and employees for 19%. Third-party remediation services make up just 15% of the anticipated breach recovery cost.

Eight in 10 respondents said that they are continuously improving and updating their security processes and features. Yet only 52% have a full security policy in effect, and 27% report they are in the process of implementing one. The remainder are either at the design stage or just thinking about it.

Only 43% of companies with 1,000 or fewer employees have a full policy in place, compared with almost 70% of companies with more than 5,000 people.

Almost half (49%) have a full recovery plan in place. However, more than half of all respondents are not fully aware of what is in their organizations' disaster recovery (DR) plans, and 14% have no idea what would be required of them in the event of a catastrophic data loss.

Just over a third (35%) have a dedicated cyber-security insurance policy, and another 27% are actively working on getting one. Yet fewer than half (46%) of participants whose companies have purchased cyber-risk insurance expect it to cover legal costs. Only four in 10 expect it to cover regulatory and government fines and remediation. Coverage for loss of business and intellectual property is expected even less often, at 25%.