In just the past few years, the world’s cybersecurity situation has gone from serious to critical. With the number and scope of data breaches soaring to record heights in 2021, it is almost a certainty that any individual business will come under attack. And for those who fail to rise to the occasion, the legal and financial consequences of inaction may be ruinous.
Why is investing in cybersecurity an operational necessity?
The cost of a data breach can be staggering — an average financial loss of $4.24 million per afflicted business in 2021, according to a report from IBM. That’s the highest amount in the report’s 17-year history, and a huge leap from the average of $3.86 million just the year before.
So, where are all those millions going? The specific costs experienced by each organization will depend on a number of factors, such as the overall scope of the breach, the nature of the compromised data, and whether compliance requirements went unmet and legal action was pursued. Most often, the bulk of the cost is of a legal nature, involving the payment of steep court fees, regulatory fines or settlements. For instance, the SEC issued its first-ever cybersecurity fine in June 2021.
As multinational companies like Google and Facebook have discovered, the EU and the EEC can also be aggressive when prosecuting organizations believed to be in violation of their regulations. And since 2020, the CCPA and CPRA have operated by this standard in an effort to protect the data of Californians — which, in terms of eCommerce, affects pretty much every business in the United States (above a certain stipulated size).
Under many of these laws and regulations, the penalties for failing to protect customer data are extensive, and can extend not just to companies, but increasingly to the executives who run them. Claiming ignorance offers no defense against them, either, particularly if customer data has been obviously compromised under your watch.
And on top of these broad regulations, other, more specific requirements may apply to each individual business. These will depend on industry — healthcare and finance having particularly stringent guidelines — as well as size and location. Larger companies, and those that do the bulk of their business online, must meet the requirements of every jurisdiction in which they operate, be it California or the European Union.
Investing in cybersecurity: How to get started
As with most legal risks, protection is available for data security. A formal, fully vetted cybersecurity plan that follows an established cybersecurity framework has become standard operating procedure in many industries. But it takes an expert understanding to decipher and comply with these regulations, and to navigate these complex compliance risks and technical stipulations.
Creating an effective, organization-wide cybersecurity strategy is a complex process. From forensic and investigative processes to infrastructural upgrades to staff training, there are many working parts, and each needs to be airtight. Leaders who don’t have the exact level of knowledge — or who don’t have an expert on their staff — should seriously consider seeking professional guidance.
The right way of investing in cybersecurity can take different forms. For some businesses, hiring a Chief Privacy Officer may be the best way to get access to hands-on, integrated expertise. For other companies, working with a qualified consultant or partner may be a more effective way to update their cybersecurity posture and implement the plan that will best protect them from regulatory risk.
And, don’t forget, investing in cybersecurity doesn’t just take the form of dollars, but time and commitment, too. The entire organization needs to get on board for a cybersecurity strategy to truly succeed, and that takes legitimate buy-in from leaders. But then again, nothing less will protect your organization against the quickly escalating legal risks of failing to protect the data under your charge.
If you’re seeking guidance on investing in cybersecurity, we’re here to help. Contact us here to set up a complimentary consultation with an Omnistruct cybersecurity specialist.