Every C-suite executive knows that a data breach is bad for business. It's costly, gives the organization a bad reputation and signifies a need for a change in infrastructure.
New research is revealing that studies aimed at identifying the true cost of an information security breach are missing the mark by a lot—here's how.
Just the tip of the iceberg
A joint study by IBM and the Ponemon Institute revealed that the average data breach costs a business around $4 million. This is due to a number of reasons, mainly the cost to repair malicious attacks and the loss of business.
But recent research from Deloitte University Press says the cost is actually much greater. It reckons that as much as 90 percent of the actual price of losing valuable and confidential client information is hidden. While the study focuses primarily on the damage driven by cyberattacks, the results can be extrapolated quite simply to represent the dangers of recycling old electronic devices without securely erasing the information they contain.
The Deloitte study found there are 14 impacts that hit an organization after a data breach. Seven of these factors are well-known, with attorney and litigation fees, customer notification and protection, public relations costs and IT infrastructure upgrades among them. But the lesser-known sources of expense are just as costly, Deloitte reported:
- Increased insurance premium and cost to raise debt.
- Disruption to routine operations.
- Devalued brand name.
- Loss of value in: contract revenue, company assets and trademarks, customer relationships.
These factors don't present themselves until years after the data breach, and aren't necessarily tangible. Nonetheless, they increase the cost of lackadaisical information protection. Deloitte's study didn't even mention the fines associated with breaking compliance law, which can take a hefty toll on finances.
Stay out of the red
While it's common practice for every company to protect itself against cyberattacks like malware and ransomware, defending against physical breaches of security is a lesser-known concept. According to PricewaterhouseCoopers, one out of every five security breaches is the result of improperly handled old media devices. This includes computers and hard disk drives that once held confidential information and were put out of commission when newer technology became available.
In the digital era, it's incredibly unwise to simply throw away an electronic device. While many lean on software wipes as a way to ensure the information isn't able to be retrieved, this doesn't actually erase data. The only secure data erasure method on the market right now is degaussing.
"20% of data breaches result from improper disposal of old media devices."
Degaussers effectively demagnetize the media stored inside of devices and scramble it to the point where data can't be retrieved. In using this method, organizations are using exactly what the National Security Agency recommends to delete data from media devices.
After degaussing, it's highly recommended that companies crush the devices rather than handing them off to a disposal business or selling them on the open market. This ensures private information never falls into the wrong hands, and keeps the firm clear of the devastating and lesser-known costs of a data breach.
Exploitation of disposed electronics is a passive danger that many organizations choose to wholly disregard in favor of better cybersecurity. This is a mistake in the making, as losing data in this manner to a hacker can bring about the same repercussions as a cyberattack. IT departments with rooms full of old media just sitting there should look into degaussing as a means to get rid of them through a secure method, all while saving the company from a potentially financially devastating data breach.