What a data breach means for your business and how to get prepared!

In today's world, CEOs, Directors, Partners, and Board Members have a lot on their plates: juggling the needs of the business with ever-growing costs, trying to achieve profitability and growth goals, and taking charge of their infrastructure and security needs, all whilst maintaining the company's reputation.

BUT, just one data breach can undo all of your hard work, setting you back years due to downtime, loss of earnings, loss of reputation, investigations and potential litigation from other businesses or the ICO.

So, what exactly is a data breach?

A data breach is:

compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed. [1]

But, what does that mean for your business?

A data breach or cyber attack is designed to disrupt your business, by means of stealing your data or intellectual property, reducing your access to your own systems and restricting your business. More often than not, this is for monetary gain, either by ransom demand or fraud.

Are you on the list of UK Cyber Attacks?

There is a high chance that you are, maybe not directly, but it could be that your business was involved in another breach that you're not even aware of.

According to the Cyber Security Breaches Survey 2022 [2], produced by the Department for Digital, Culture, Media and Sport, an arm of the UK Government, 39% of UK businesses were subject to at least one cyber attack that they were aware of. Of these, 83% were by means of Phishing; the remaining 17% were by way of Ransomware, Denial of service, Malware or other forms of attack.

What are the implications for your business due to a data breach?

According to the report, 20% of businesses had a direct loss of funds and/or data, and over 35% experienced some form of impact to their business, i.e. loss of goods and services, loss of reputation, loss of revenue and/or share value, changes in staff prioritisation, costs of repairs, additional expense to prioritise security and reactively correct security issues, and customer complaints. This was then further impacted by legal fees, litigation costs, compensation payments and even a direct payment of the ransom itself!

For those businesses that only had a data cost, 40% still took over 24 hours to get back online, and 8% took more than a week, some with permanent loss of data.

PHISHING

The fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

RANSOMWARE

A type of malicious software designed to block access to a computer system until a sum of money is paid.

DENIAL OF SERVICE

An interruption in an authorized user’s access to a computer network, typically one caused with malicious intent.

MALWARE

Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

What were the monetary costs of the data breach?

At the time of the report, the average direct cost linked to a data breach for SMEs was £3,080; this was significantly higher for larger businesses, at £19,400. The indirect costs were also significant, at £3,770 for a large breach, due to staff not being able to work, new equipment being required, loss of access, data and intellectual property, and other costs.

In summary

The summary of the report concluded:

The findings from this year’s survey demonstrate that there is room for improvement in many elements of organisations’ cyber hygiene. It is clear that cyber resilience is highly influenced by board behaviours.

Though the high-level prioritisation of cyber security amongst boards is high, this does not translate into high expertise. Furthermore, cyber and IT staff are unable to justify the business case for cyber security, which impacts ability to make effective cyber security decisions. This means investments are often not made into key areas that enhance organisations’ cyber security.

This leads to a reactive approach to cyber incidents as opposed to a proactive approach in limiting cyber risk.

The current findings show that the attitude among CEOs, Directors, Partners, and Board Members is one of "we will deal with it when we have to", meaning that only 54% of businesses have acted proactively in looking at their cyber risks and started to put security measures in place. At present, the most common of these measures was monitoring tools, at 35%.

Businesses therefore often handed their cyber security over to their insurance providers, hoping that they would be able to mitigate any legal action should a breach occur. However, this does not remove the costs of a data breach (both monetary and reputational). Alternatively, they tried to hand this over to their IT colleagues to deal with, again with the limitations of knowledge, expertise and time. Only a small proportion of businesses outsourced their cyber risks to cyber security or managed service providers.

What are the benefits of outsourcing your Cyber Security?

The reasons are to gain access to more significant knowledge, expertise, experience and better quality standards, whilst also giving you the advantage of less of an impact on your budget when compared to hiring your own internal security staff.

Some of the key advantages are:

  • Capital Expenditure can be converted into Operational Expenditure, meaning that it is easier to budget in the long term, making it easier for businesses to access the security resources they need to protect them in today's ever-changing landscape.
  • Staff illness, leave, holidays and other things do not impact your security resilience as it is all still taken care of on your behalf. In working with a credible and reputable MSP/MSSP, you are ensuring that there is always someone who is skilled, knowledgeable and ready to respond to security incidents and provide the maintenance required to keep your security as good as it can be.

So, what now?

Ultimately, that is up to you, but before making the decision to invest in your internal resources, consider the multiple benefits that an outsourced provider can bring you!

You can give away the Cyber Security headache to a partner that wants to help, and free yourself to concentrate on your own business without needing to worry about what’s happening with your security, as it’s already taken care of!

Published by Christian Bradley (Managing Director)
[1] https://www.iso.org/obp/ui/en/#iso:std:iso-iec:27040:ed-1:v1:en
[2] https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022#chapter-5-incidence-and-impact-of-breaches-or-attacks