Indeed, while data leaks can endanger customers’ personal information, as happened to Desjardins in 2019, they also often tend to drive up consumer bills.
IBM’s latest annual report on the cost of a data breach, published last July, indicates that a single attack costs, on average, a total of $5.62 million worldwide, and $7.29 million $ in Canada. Moreover, no less than 83% of the 550 international companies surveyed were not at their first breach.
60% of companies surveyed said they had to increase the price of their products or services to compensate for lost money.
Long flaws to identify
IBM Canada Associate Cybersecurity and Digital Trust Associate, Evan O’Regan, talks about a
Imagine a supply chain, from the moment the good is produced, the company that takes care of the logistics, the transport. In this supply chain, there may be several companies that have been hacked, which contributes to the consumer cybertax.
The monetary loss can be attributable to the cessation of commercial operations if, for example, an online sales site is temporarily disconnected, but also to the efforts to be made to detect and resolve the problem, to put the system back into operation, to ensure that the same weakness cannot be used a second time and notify users.
IBM’s report also highlights the fact that it can take many months for a problem to be found and fixed. Indeed, it takes an average of 207 days to identify a data leak and 70 days to contain it.
On this aspect,
Canada is doing relatively well, commented Mr. O’Regan. Indeed, the Canadian average to detect a breach and fix it is 208 days, compared to 277 for the world average.
Build a castle
There are ways to protect yourself to reduce the frequency and cost of leaks, O’Regan said, lamenting that
companies see their IT security service as an expense to be reduced rather than an investment.
He advocates an approach named
A traditional approach is like a castlehe said.
You have walls, moats, because you expect danger to come from outside. But the reality is that today it must be taken for granted that these defenses have already been penetrated.
He therefore advises companies to have a robust identity and access management policy, for example by having safeguards in place against hackers who have managed to take control of an employee account.
The massive deployment of telework during the pandemic has caused its share of IT weaknesses, increasing the risk of breaches as well as the average cost of these. But Mr O’Regan argued that the practice
is neither difficult nor complicated to protect yourself wellbut it is necessary
be sure to give workers the tools and training required.
According to the report, the use of artificial intelligence can, in turn, cut costs almost in half.
The 2022 report is the seventeenth to be published by IBM. The research was conducted by the Ponemon Institute, which analyzed breaches that occurred at 550 companies across 17 countries or regions between March 2021 and March 2022.