What is the True Cost of a Data Breach?

The average cost of a data breach in 2017 was over $3.5 million — 2018 Varonis Global Data Risk Report

By now you’ve probably heard that when it comes to experiencing a data breach, the question is not if it will happen to you, but when. Understandably, you may be skeptical of this statement; I was, too, until I learned that while I only have a 1 in 960,000 chance of being struck by lightning this year, the chances of my organization experiencing a data breach are 1 in 4.

If that’s not enough to get you to think twice about the safety of your organization’s data, keep in mind that although the average cost of a data breach may have declined (to $3.62M), the breaches themselves are larger and more records are being exposed; the average number of compromised records recently increased by nearly 2% to 24,000 records per incident.

So, allow me to pose a question: what would be the cost to your organization if “only” 200 of your confidential, private records made their way onto the web? Pick any set of records you want—your contacts database, your stored proprietary files, your invoices or your employee reviews. What would be the consequences of having any of that information out in the open? Now ask yourself what the consequences would be if you left that data exposed, but it was encrypted using a modern, provably secure, 256-bit AES encryption tool?

GhostVolt secures your data automatically with 256-bit AES encryption. Secure your teams workflow with the encryption tool built for teamwork. Try free for 30 days.

This type of data – and countless other sources (such as the working files that you and your team use every day), if not secured, can leave your company open to all kinds of internal and external risks. Internally, you certainly don’t want employee reviews made public, even if they never leave your network. Externally, that kind of leak could be catastrophic and have profound legal consequences. Not to mention that the leaking of other confidential data (even internal email addresses) can increase the likelihood of malware and ransomware attacks. As so many organizations have found, it only takes one click on a well-crafted phishing email to launch a chain reaction that can destroy every accessible file on your network, including stale data (information no longer needed for daily operations).

In other words, although a financial hit will play a major role in a company’s post-breach recovery, the impact of a breach is often felt externally as well:

• Damage to your company's credit
• The risk to the organization's reputation
• Negative consequences to customers/clients
• Consequences for employees

These are the kinds of things that keep CISOs up at night, but there are solutions. While there isn’t one magic bullet that can absolutely guarantee your organization’s security, every company should consider implementing some of the fundamental aspects of data security, starting with a robust data encryption solution (one of the very reasons we developed our flagship product GhostVolt).

Encryption is a kind of ‘fail safe’. Even if you have previously taken measures to protect your organization and there is still a security failure, data that's been encrypted is essentially useless to an attacker. Should your network defenses be breached and unauthorized access to your confidential data obtained, encryption acts as a final line of defense, preventing the unauthorized user from ever seeing or using your data in any way.

The most advanced encryption security standard to date — which is widely regarded to be mathematically uncrackable— is 256-bit AES encryption. This standard (also the standard used by GhostVolt) is trusted by both enterprise businesses and governments the world over to mitigate data breach threats. Encryption solutions should also work both during data transit and while data is at rest, making encryption the ideal solution regardless of how data is being used.

Deploying encryption as part of your security strategy ensures that your private data will remain private even in the event of a security breach, reducing your business’s internal and external liabilities from both cybercriminals and unauthorized insiders.

There is one thing we can say with certainty: not doing anything to lock down your data will almost guarantee that if your organization is the victim of a data breach, the consequences will be profound, if not severe. All else aside, you could potentially spend years recovering from the incident, rather than spending those years growing your business. With an easy-to-use encryption solution installed, all that confidential, proprietary data is rendered useless to the attacker.