With a series of large-scale data breaches making headlines recently, many businesses may be worried about falling victim to an attack and wondering what such an incident will cost them.
Recent financial results from US department store Target suggest the financial damage from its 2013 data breach reached $162 million (£105 million) last year, with no sign that the trouble is over yet. But while this may be an extreme example, as it involved one of the biggest data breaches on record, companies of all sizes need to understand the risks they face from cyber crime.
According to insurance brokerage and risk management firm Aon, typical costs involved in responding to a data breach include legal expenses and settlements, business interruption costs, and bills for investigating and remediating problems, the San Francisco Business Times reports. In some cases, expenses related to crisis communications and other specialised services will also factor into the final figure.
For four out of five security breaches around the world, these costs will total under $1 million, Aon noted. But in 15 per cent of cases, expenses will add up to between $1 million and $20 million, and in five per cent of incidents - the so-called 'mega-breaches' that tend to make headlines - costs of over $20 million can be expected.
Overall, Aon stated the average cost of a breach is $7 million, but only $3 million of this is likely to be covered by cyber-risk insurance. This leaves a large amount of losses for businesses to absorb, even if they do have appropriate protection in place - which is often not the case.
Kevin Kalinich, global practice leader for cyber and network risk at Aon, said: "In reality, if you consider all revenue classes, only eight per cent of US businesses buy cyber coverage." Worldwide, the figure is even smaller, at just four per cent.
Companies that are most at risk of falling victim to a cyber attack include those that deal heavily in personally-identifiable information. This may be customers' names and addresses, phone numbers, credit card details and social security numbers - all of which will have value for hackers looking to sell stolen data online.
Retail businesses, financial institutions, healthcare organisations and hospitality-related entities such as hotels and restaurants will therefore all need to be particularly alert to the risks they face, Mr Kalinich said.
US-based healthcare providers are especially tempting targets at the moment, as their data often includes social security numbers that can then be used for full identity theft. This is a result of hackers shifting their focus, as there are so many credit card numbers now available for sale on the internet that they are viewed as less valuable than a couple of years ago.
"If [stolen data] includes social security, it's ten times the value of credit card information, because you can create a whole new (fake) person," explained Mr Kalinich.
He also added that because cyber security is a highly dynamic, constantly-changing environment, businesses need to make sure their security defences are a key part of their culture in order to keep up with evolving threats.
A key part of this will be having the right tools to protect networks and spot any intrusions. Innovations from Encode supported by IBM QRadar provide a comprehensive solution for this, as they integrate security information tools with event management, log management, anomaly detection, incident forensics and configuration and vulnerability management capabilities.