Contributed by Edwin Doyle, Global Security Strategist, Check Point Software. 


Data breaches are a costly problem for companies, setting them back about $3.86 million/data breach, according to an IBM study. One of the main factors affecting the cost of data breaches is the time it takes to detect and contain them. On average, it takes 280 days to identify and manage them. The longer it takes to identify a breach, the more costly it is to contain it. To put some specifics around that statement, there’s a $1 million difference in cost between containing a breach in under 200 days vs. over 200 days.

When it comes to the reasons for data breaches, over 50% occur because of malicious attacks. While attackers target various sectors, the business and medical/healthcare sectors are preferred. In the US, the business and medical/healthcare sectors constituted 43.72% and 35.64% of the total data breaches in 2019, respectively (Statista). These numbers are considerably higher than those of the banking/credit/financial (7.33%), government/military (5.63%) and education (7.67%) sectors.

Malicious attacks launched in order to access personally identifying information aren’t a new phenomenon, but the scale and quantity of these attacks has increased significantly in recent years. The number of data breaches in the US rose from 157 in 2005 and 662 in 2010 to 1,506 in 2019 (Statista).

With such an increase in exposure of records, the possibility of a cyber-attack is a serious consideration for both small and large businesses today. Besides taking action to save on costs, it’s also a matter of the companies’ reputations – something that lead one company to pay hackers $100k to delete the data and keep a breach quiet, reports CNBC. A 2017 research report by Centrify shows that the stock price of a company drops by 5% immediately following the announcement of a breach.

So, how can a company tackle the data breach issue? Here are some measures to manage and avoid data breaches:

Containing the attack: Once it’s certain that a data breach has occurred, the IT department should begin implementing preventive strategies. Filtering and re-routing traffic and isolating portions of the affected network are some immediate measures that can help minimize the damage.

Segmenting a network isn’t as popular with IT teams as it is with the security department of a company, but the rise in cyber attacks has increased its use. One benefit that segmentation provides includes the fact that it ‘unflattens’ the internal network, making it harder for an attacker to move around the system freely after breaching the external security measures.

Recording the attack: The security team should record all the details of the attack as they become available to them. They should record the type of damage done to the systems, the quantity of compromised accounts, and the services disrupted by the attack.

Reporting the attack: Reporting security breaches is both a legal and moral matter. A company should report the data breach to local and state law enforcement agencies as well as the FBI, the District Attorney, and the US Secret Service (USSS). In terms of a legal obligation, the US doesn’t have any comprehensive data protection regulation. Instead, it relies on state and federal laws to fill the void.

Involving law enforcement also allows the company to manage the investigation. Law enforcement can guide in providing information to the affected individuals in a way that doesn’t compromise the investigation.

Personally identifiable information, under data breach laws, usually includes name, bank account/credit card numbers, computer logins, social security information, license data, and insurance. The business should provide data breach notifications according to the laws of that state. In terms of notification time, the notice time will vary from state to state.

As the stats given above show, some companies manage to save big by responding to the data leak in a timely way. One of the main factors affecting the response time is the technology in use: The IBM study found that absence of automation means a cost of $4.43 million. Comprehensive automation helps to bring this cost down to $2.88 million.

In terms of share value loss, the Centrify study found that companies with  a ‘high security posture’ saw a smaller decline in value as compared to companies with a ‘low security posture.’ The security posture was measured by the Security Effectiveness Score (SES), which is obtained from many security features. Some of the features of a high SES, according to the report, include: enterprise-wide encryption, programs addressing employee negligence, adequate resources for security personal and technologies, and a fully dedicated CISO. Attributes of a low SES include absence of response plans, inadequate technology-focused funding, poor data retention policy, etc.

Data attacks being a reality of life means proper preparation has become a perquisite for doing business in the digital economy. Ideally, there should be sufficient security measures and suitable technologies in place to deal with such attacks. But, in case these measures are absent or fail, right efforts to contain, document, and report the attack can help the company minimize damages to its clients and reputation.

For more insightful info on preventing data breaches, see our Buyer’s Guides.