Cybersecurity was already a significant concern before 2021, but this year has revitalized it as a top priority for every organization. Highly consequential cybersecurity incidents at companies like Colonial Pipeline, Kaseya, and T-Mobile brought front-page coverage to the issue, while cybersecurity attacks on small and medium-sized businesses soared, spreading the reach of threat actors.
Collectively, many government officials, private companies, and even cybersecurity professionals are approaching the future of cybersecurity with a fresh sense of urgency. However, outliers remain. One survey of American workers found that more than half indicated their companies “have not been taking cybersecurity seriously.”
October is Cybersecurity Awareness Month, which means every organization has an opportunity to evaluate its defensive posture, ensuring that it has the tools, talent, and procedures to thwart the latest threat trends. It’s also an opportunity to reprioritize cybersecurity as the bottom-line, mission-critical challenge that it really is. Still unconvinced? Here are five reasons cybersecurity deserves your attention today.
Data breaches and cybersecurity incidents are expensive. According to the latest industry study, the average data breach cost companies $4.24 million, a nearly 10 percent year-over-year increase, and the “highest average total cost in the 17-year history of this report.” Some aspects are becoming more expensive even more quickly.
For example, the average ransomware payment increased from $7,000 in 2018 to more than $200,000 in 2020, demonstrating the financial motivation that undergirds many cyber attacks.
Of course, the cost of a data breach or cybersecurity incident can’t be quantified in dollars alone. Consumers are increasingly wary of doing business with companies impacted by a data breach, and the hard-to-quantify reputational damage can have long-lasting economic consequences for today’s companies.
A Gartner survey found that 82 percent of company leaders plan to let employees work remotely at least part of the time, ushering in a hybrid workforce that makes cyber threat detection and prevention even more challenging.
For instance, remote workers are more likely to fall for phishing scams, rely on vulnerable wireless connections, or accidentally compromise company or customer data. Even the cost is higher: a remote work-related data breach costs more than $1 million more than a breach where remote work wasn’t a factor.
As companies make remote and hybrid teams a regular part of their operational arrangements, they need to understand the threats and augment their defenses accordingly.
Not all data breaches are caused by highly proficient threat actors out for financial gain. In fact, Verizon’s 2021 Data Breach Investigations Report found that 85 percent of data breaches involve a “human element,” underscoring the prominent threat posed by company insiders.
With the number of phishing scams increasing significantly since the onset of the recent pandemic, accidental data breaches are an especially acute cyber risk, accounting for more than one-third of all data breaches. To be sure, accidents are often preventable, and businesses will need to adopt the tools and processes to protect their data from the human element of cybersecurity.
Years of expansive and egregious data breaches prompted governments around the world to draft and enact data privacy regulations that punish companies for failing to adequately protect their users’ data.
In addition to Europe’s often-discussed General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act, many more states are set to enact data privacy laws this year, and some US lawmakers have identified a national privacy law as a priority for their legislative agendas.
In other words, companies should expect more scrutiny and oversight moving forward, and their defensive posture will play a critical role in achieving compliance.
Ultimately, business leaders should care about cybersecurity because it’s the right thing to do. Data breaches can have devastating personal and financial consequences for victims, and companies have a moral responsibility to respond.
As digital-first continues to become many organizations’ de facto operational model, they must balance the benefits of digital tools with the responsibility to defend their online infrastructure against existing and emerging threat trends. This October, let’s bring cybersecurity back to the forefront, ensuring that we are doing everything possible to protect employees, customers, and communities from the expansive fallout of a data breach or cybersecurity incident.