TECHNOLOGY: DATA BREACH
Be prepared for the inevitable
The cost of detection, response and containment around data breach
With the implementation of the POPI Act,
companies dealing with personal information
on a daily basis cannot afford to assume they
are safe from a breach in their security. It
would be irrational to ignore how costly a data
breach can be and, worse, to assume there are no hidden costs to
the company post-breach.
Companies need to ensure that they have a strategic plan to deal
with the different types of breaches: malicious/criminal activities,
system glitches, and human factors.
In a study conducted by the Ponemon Institute LLC (sponsored
by IBM), entitled 2014 Cost of Data Breach Study: Global Analysis,
it was found that every country, regardless of technological
advancement or privacy law, is susceptible to data breaches. In
2013, there were, on average, 65,57 breaches of personal information
per day over 16 sectors worldwide. Assuming the breaches have
an even distribution, each sector will experience 4,03 breaches per
day. It was found that companies were unlikely to experience large
data breaches (+100 000), but that smaller data breaches (±10 000)
were 22% more likely to occur.
It can be difficult to estimate the exact costs of a data breach,
but estimations can be made based on previous examples from
around the world. Based on the study conducted by the Ponemon
Institute, the average cost of a single data breach can be up to
R32,5m. (This figure includes the hidden costs.) The average cost of
a data breach per capita across all major industries was estimated
at around R1 501,74. The top five industries’ costs per capita were
estimated at R2 609,91, due to the nature of the personal information
they store. Healthcare, education, pharmaceuticals, the financial
sector and communications made up the top five.
The type of strategies put in place at a company will ultimately
determine the total costs faced. A well-structured strategy on data
breach requires four areas of attention to best limit costs post-breach.
DETECTION:
Putting systems in place (if you have not done so already) to detect
data breaches will be the first cost of becoming POPI-compliant.
For many companies it will be a simple upgrade of their current
structures. However, in some cases companies may require a full
assessment of their current systems, and new structures will need
to be put in place.
Jordan Biermann, Knowledge Manager at Ovations
RESPONSE:
Once a data breach is detected, special investigations will need to
take place. The impact of the investigation will depend largely
Edition 10
BANKER SA
2014/06/24 1:54 PM