managed, cloud, and hybrid services â delivered by local resources and ... 35% of respondents say their organization h
2016
Cost of Security Breaches to the Business
Report
While 54% of business decision makers say information security is ‘vital’ to their business and 18% agree poor information security is the single greatest risk, two thirds predict their business will suffer a data breach in the future. The Risk:Value report, which surveyed 1,000 business decision makers in organizations across seven countries, highlights the anticipated cost to the business.
Risk:Value 98%
Effects of a Security Breach
The most likely internal effects are: Almost all respondents state their organization would suffer external (98%) and internal (98%) impacts if they had information stolen in a security breach.
Introduction of stricter security procedures (57%) Disciplinary action against employees (55%) Increase in workload to fix issues and ensure it doesn’t happen again (46%) Loss of employee motivation (41%) Staff losses (to join other companies/competitors) (34%) Potential resignation of a business decision maker (31%)
The most likely external effects are:
9 weeks
Loss of customer confidence (69%) Damage to reputation (60%) Direct financial loss (54%) Financial penalty from sector body or government (48%) Loss of shareholder value/share price (43%)
70% of respondents say it would take their organization longer than one week to recover from a security breach. On average, it would take an organization around nine weeks to recover.
Cost of Losing Information On average, respondents estimate it would cost the organization around
$907,053
to recover if they lost information during a security breach.
Revenue Loss
-13%
There is also likely to be a significant revenue loss if organizations suffer an information security breach. 78% feel their organization’s revenue would decrease if they had an information security breach. The average anticipated drop is 13% (compared to 8% in 2014).
Remediation Costs There are also additional remediation costs to consider, and the total cost of a security breach is likely to be split in various ways:
Legal costs (19%) Compensation to customers (18%) Third party resources (15%) Fines or compliance costs (15%) PR and communications costs (13%)
Insurance Cover Despite the financial loss at stake, the majority of organizations are not fully covered financially and remain liable to cover these costs:
41%
41% report their organization has some kind of insurance to cover for the financial impact of data loss and a security breach 12% are not covered for either 35% of respondents say their organization has a dedicated cybersecurity insurance policy (with 27% in the process of getting one)
Organizations with insurance cover for the financial impact of data loss and a security breach reported the cover would include the following aspects: Legal costs (46%) Regulatory fines (43%) Remediation (41%)
However, they reported their insurance cover could be invalidated due to:
Lack of compliance (50%) Not complying to business policies (46%) Lack of an incidence response plan (43%)
An Executive Summary of the report can be downloaded at: www.nttcomsecurity.com/en/riskvalue Methodology
About NTT Security
NTT Security commissioned Vanson Bourne to conduct an independent survey of 1,000 business decision makers (not in the IT department) in organizations in the US, UK and Germany (200 in each), and France, Sweden, Norway and Switzerland (100 in each) during October/November 2015. Respondents’ organizations had more than 500 employees, but those in Norway, Sweden and Switzerland could come from organizations with at least 250 employees. There were a minimum number of responses from the financial services sector (at least 50 in UK, US, France, and Germany) and a minimum of 30 in the other countries.
NTT Security seamlessly delivers cyber resilience by enabling organizations to build high-performing and effective security and risk management programs, with controls that enable the increasingly connected world and digital economy to overcome constantly changing security challenges. Through the Full Security Life Cycle, we ensure that scarce resources are used effectively by providing the right mix of integrated consulting, managed, cloud, and hybrid services – delivered by local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest information and communications technology (ICT) companies in the world. For more information, visit www.nttsecurity.com.
www.nttsecurity.com
