Equifax. Target. Marriot. Delta Airlines. Recognizable names of course, but as of late, perhaps for the wrong reasons. Every day, malicious actors take the web in search of valuable personal information, made available through the misguided handling of customer data by companies across the globe. When they come for your company, don’t be surprised–almost 30% of organizations are likely to suffer at least one breach over the next 24 months.
Upward trend visible in number of data breaches in the US annually since 2005
These breaches come at a serious cost to businesses. Mounting regulatory pressure on companies to secure their data pipelines translates to a rapidly shrinking margin of error, and much greater losses as a result of exposure. These losses include a combination of direct and indirect costs related to time and effort in dealing with the breach, lost opportunities as result of bad publicity, and regulatory fines.
In the United States, the cost associated with the leaking of personal information averages $8.19 million per breach.
A leading factor in the rise of data breach costs has been the impact of regulatory fees. Take, for example, the massive regulatory hit dealt to Marriott last year. The Marriott hotel chain originally claimed its 2018 data breach had cost it around $28 million. However, in July of 2019 the UK’s data protection authority (the ICO) issued a $124 million fine to the company for GDPR compliance failures in response to the breach.
Average cost of a data breach globally has gone up almost $500k over the past five years.
This can happen to anyone, at any scale–including the world’s biggest companies, with an abundance of cash and resources on hand. In a company of any size, Information Security is only as strong as the weakest link in the system. And the next data breach may likely not come sneaking through a firewall, or circumventing enterprise security systems – but may likely come as a direct result of the mishandling of personal information in SaaS products.
In the day-to-day hustle of office life, the seemingly harmless transmission of a document can have dire consequences if the document contains personal information. As this new subset of data leaks grows in prominence, it’s time to ask yourself, is your company doing everything it can to protect itself?