Date: 2003-11-18

The first thing anyone thinks of when considering the cost of something is how it can be calculated in monetary terms. Up until now, it has been difficult to pinpoint the exact cost of a data breach, given that many companies are unwilling to reveal the money they have spent cleaning up the mess left behind after being hit, or the drop in their sales figures. There are some indications, though, that can offer guidance. Studies such as the Ponemon Institute’s annual Cost of a Data Breach report aim to paint a clearer picture, indicating that the average cost is currently $3.62 million globally ($141 for each piece of data) and as much as $7.35 million in the US.

[...] As well as businesses suffering a clear financial hit, the transparency aspect of GDPR has increased the potential for companies to suffer reputationally too. As consumers become more aware of the increasing number of breaches, they are starting to understand that they hold the power in the relationship, particularly with GDPR enabling points like the ‘right to be forgotten’.

Companies need to realise that if they get breached, consumers will simply go to another brand they consider to be more secure. TalkTalk is a great example. Following its well-publicised data breach, the company lost around 100,000 customers, who simply deemed that they could not trust the business to keep their details safe. In this case the CEO also had to step down, a consequence that is becoming more common, with senior management usually in the firing line when a breach occurs.

[...] So, with regulation making things more transparent and media headlines making consumers more aware, how can businesses avoid being the next Equifax or TalkTalk?

The simple answer is that there needs to be a change of mindset when it comes to security in the business world. Businesses can no longer adopt an ‘it won’t happen to us’ approach or a ‘my perimeter can’t be breached’ mentality. The focus must be on securing the most sensitive data a business has at its core. Too many companies attempt to secure the outside and leave the data exposed, meaning that if a hacker were to break in, they could almost help themselves. Encrypting data at rest and in motion, managing the encryption keys and storing them securely, and managing and controlling user access are vital steps for businesses to take to protect themselves.