Data Breaches by the Numbers
From lawmakers and regulators on Capitol Hill to analysts on Wall Street and consumers on Main Street, data breaches are having a more reaching, negative impact than anyone could have imagined. Escalating regulatory fines, litigation costs, and financial rating downgrades are few of the effects hitting corporate bottom lines, and require CFOs, CISOs, and CIOs to put cybersecurity on the top of the agenda.
In examining the numbers, causes and financial costs of data breaches, there’s a lot more to lose than meets the eye. What have we learned so far?
Vulnerable web applications are the No. 1 cause of all data breaches for several years in a row, according to Verizon’s annual Data Breach Investigations Report; Kaspersky also concludes that almost 75 percent of corporate network breaches are caused by vulnerable web applications.
In stepping back, what does this mean for consumer records and privacy? Dark Reading reported that the 10 largest web breaches in 2018 accounted for approximately 3.6 Billion exposed records.
According to NIST, for organizations, the average cost of a data breach is a whopping $7.5 million. In many cases (70 percent of the time, according to Dark Reading), breaches are discovered by someone outside the organization. And after that, it can take 50 days for the organizations to report a breach.
From a timing perspective internally, on an average, it can take 80 days for corporations to detect a breach and can take four months to resolve.
When and where the vulnerability is discovered in a web application lifecycle can determine the cost of remediating it. The longer it takes to discover a vulnerability, the more expensive it can be. In the development phase, vulnerabilities can cost $80 to fix, but as they move through the lifecycle, costs can skyrocket up to $7,600 per defect while in production.
The sooner vulnerabilities are discovered, the sooner are they remediated and the better the outcome for the bottom line.
Benjamin Franklin once said that an ounce of prevention is worth a pound of cure, and the same is true in cybersecurity. DevSecOps approaches that automate vulnerability testing and remediation can drastically reduce the chances of data breaches. Thankfully, they are quickly gaining adoption across corporate environments.