It's not just ransomware payouts ($455M yast year) - it's that the cost of investigations is way up:
For the 20 largest network intrusions, the average investigation costs increased 24 percent from $445,926 in 2021 to $550,987 a year later.
And it's also the lawyers:
Another source of financial outflow are lawsuits filed against companies that had to notify individuals that their data had been accessed by criminals. Of the security incidents handled by BakerHostetler last year, 494 involved having to send out such notifications. Forty-two of those resulted in one or more lawsuits being filed by people unhappy about their data being stolen.
That compares to 23 such lawsuits filed in 2021.
More than half of the 42 incidents that resulted in lawsuits – 26 – involved medical and health information being breached, and 20 involved a healthcare organization. Forty included Social Security Numbers or driver's license data and six involved payment card information.
As costs go up, it's easier to justify higher IT security budgets. Well, it should be.
4 comments:
Should be... not will be... THAT is the rub.
And that is why in my business I don't store sensitive data electronically.
My card processor assumed I was and I had to explain my data security procedure was to not store it... I have no need to store card data, SSNs, etc electronically (federal requirements mean I have to store some PII, so I do it in paper, locked up.
"Force majeure" claimed one of my employer's suppliers when they were hacked. LOL No is what I told the sourcing team. What IT security did you have? No answer yet.....
But the security theater about customer passwords will continue.
Post a Comment