Data breaches

When it comes to data breaches, the question isn’t IF it will happen to your company, but when.
With the total global cost of cyber-crime predicted to hit $6 trillion by 2021 and a 1 in 4 chance that your company will experience a substantial data breach, security concerns have become even more sobering for businesses worldwide.

So who’s next? Or, another question: how deeply will a data breach affect your organisation? Find out.

What do you have to lose?

Actually, a lot. After an attack, companies experienced major losses:-

  • $17 million = the average total cost of a data breach in the US, a 29% increase over the last 4 years.
  • £2.48 million = the average total cost of a data breach in the UK in 2017.
  • 1/3 of businesses lose revenue; in that group, 38% said their revenue loss was 20% or higher.

Industries hit hardest by security breaches in the US:-

  • Healthcare: $380 per record lost
  • Education: $200 per record lost
  • Retail: $154 per record lost

Average cost of a breach, by time taken to identify it:-

  • $2.8 million when identified in less than 100 days; $3.83 million when it takes more than 100 days.


  • 7.1 billion identities have been exposed in data breaches in the last 8 years.
  • 88.9% of stolen data is personal information; the most commonly stolen data includes social security data, financial records and medical data.
  • 22% of breached businesses lost customers; in that group, 39% lost more than 20% of their customers.
  • 23% of breached organisations lost business opportunities; in that group, 1/3 lost more than 20% of their opportunities.


  • 191 days, average time to identify a data breach.
  • 66 days, average time to contain the breach.
  • 8 hours of network outages in almost half of breaches.

Are you ready to protect your data?

Not all breaches are created equal, and many are caused by external parties (data processors).
How does a data breach happen?

  • 47% malicious or criminal attack: hacked by outside parties, or the result of a third-party vendor being attacked.
  • 25% human error: make sure you and your team are trained and kept up to date with the latest security threats at least every year (one of the key responsibilities of the DPO).
  • 28% system glitch: when both IT and business processes fail.

Are you prepared?
In a 2016 survey of 619 privacy compliance and IT security executives and professionals:-

  • 73% are not confident they can minimize the financial and reputational consequences of a material data breach.
  • 56% are not confident they can deal with a ransomware attack.
  • 38% are not confident they can deal with a spear phishing incident.
  • 59% say their company cannot adequately respond to a data breach involving confidential information and intellectual property.

So what is the security solution?
Here are 5 ways to reduce the risk of a data breach.

  • Conduct regular security audits based on risk, for example:- low-risk data/systems at least every year; credit/bank card data and medical data every 3 months or monthly, as well as after every major change and system upgrade.
  • Define security standards ASAP.
  • Remember that security skill management is an ongoing investment.
  • Adapt to new risks and keep systems in line with the “state of the art”.
  • Develop an incident plan NOW.

How do you respond to an incident?

Incident response follows much the same pattern for any incident; however, the first few hours can be vital, and only high-priority actions can save the situation. Since this is a security breach, it is of the highest priority and must be treated at the highest escalation level.

Checklist To Respond To A Security Breach (first 24 hours)

1. Contain/Isolate Data Loss

Containment is a fundamental step in incident response: limit the loss to a minimum by barring the attackers. Do whatever it takes: isolate the system, bring it down (if necessary), and check the status of other critical systems. Isolate the affected assets and try to resume operations as soon as possible.

2. Quickly assess the business impact

Assess the impact immediately. This is critical both for reporting to the stakeholders and for creating an appropriate response strategy.

3. Notify the Incident Response Team & Forensic Team

Since it is of the highest escalation level, the incident response team must be notified immediately. The following steps will be taken with their advice.

4. Notify legal advisory team & communication team

The advisory team includes the legal and auditing teams, who can advise on how best to recover and on the legal complications. All actions taken, including those of the forensic team, must be agreed with the advisory team.

The communication team will communicate with the external world (employees, media, customers etc.) about the security breach only if deemed necessary. Alerting employees can help reduce chaos and uninformed customer interactions.

5. Guard the Incident site for forensic proof protection

Documenting the scenario as it is found is absolutely necessary. Systems must keep running as they were at the time of incident discovery; no change of state should take place. Also, outsiders, including other employees, must be prevented from entering the area; only authorized persons (forensic experts / incident response team) may be allowed in. The first few minutes can be critical for preserving the data needed to track the attack, e.g. volatile data.

6. Document and Interview People, Log Review

Document all details of the response efforts and the breach discovery. Also retrieve as much data as possible from the resources available by interviewing the people concerned; network admins and engineers often have a few anomalies to point out.

Logs are the second resource. A detailed review for all anomalies, such as unauthorized access, can be a great indicator of the scope of damage, the assets involved, etc.

7. Notify customers and the data commissioner, if necessary, within 72 hours.

If the lost data is customer data and sensitive in nature (e.g. personally identifiable information), the customers must be informed within the allocated time. This should happen only after consulting directors, legal advisers, etc.

8. Notify the CEO and DPO if it is a critical breach.

If the lost data is customer data and sensitive in nature (e.g. personally identifiable information), the CEO and the data protection officer (DPO) should be informed. Also put together a quick note on how the organisation is planning to respond to the breach, including the current and future impact on the business.
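The log review in step 6 feeds directly into the impact assessment in step 2 and the 72-hour clock in step 7. The following is an added example, not code from the original page: it scopes unauthorized logins in a constructed syslog-style auth log (hosts, users and addresses are invented, and the allowlist `KNOWN_SOURCES` and the failure threshold are assumptions) and reports the hosts and accounts touched, the time window, and the notification deadline counted from discovery.

```python
import re
from datetime import datetime, timedelta

# Constructed sample auth log (syslog-style); hosts, users and addresses are invented.
SAMPLE_LOG = """\
2017-06-01T02:10:05 web01 sshd: Failed password for root from 203.0.113.7
2017-06-01T02:10:09 web01 sshd: Failed password for root from 203.0.113.7
2017-06-01T02:10:14 web01 sshd: Failed password for root from 203.0.113.7
2017-06-01T02:10:20 web01 sshd: Accepted password for root from 203.0.113.7
2017-06-01T03:42:11 db01 sshd: Accepted publickey for backup from 203.0.113.7
2017-06-01T08:00:00 web01 sshd: Accepted publickey for alice from 10.0.0.5
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) "
                     r"\S+ for (?P<user>\S+) from (?P<src>\S+)$")
KNOWN_SOURCES = {"10.0.0.5"}   # assumed allowlist of admin source addresses
FAILURE_THRESHOLD = 3          # a success after this many failures is suspicious

def parse(log_text):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events

def scope_breach(events, discovered_at):
    """Return the hosts, accounts and time window touched by unauthorized logins,
    plus the 72-hour notification deadline counted from discovery (ISO timestamp)."""
    discovered = datetime.fromisoformat(discovered_at)
    failures, suspect = {}, set()
    for e in events:
        key = (e["src"], e["host"])
        if e["result"] == "Failed":
            failures[key] = failures.get(key, 0) + 1
        elif e["src"] not in KNOWN_SOURCES or failures.get(key, 0) >= FAILURE_THRESHOLD:
            suspect.add(e["src"])   # unknown source, or success after a guessing burst
    hits = [e for e in events if e["result"] == "Accepted" and e["src"] in suspect]
    if not hits:
        return None
    return {
        "hosts": sorted({e["host"] for e in hits}),
        "accounts": sorted({e["user"] for e in hits}),
        "sources": sorted(suspect),
        "first_seen": min(e["ts"] for e in hits).isoformat(),
        "last_seen": max(e["ts"] for e in hits).isoformat(),
        "notify_by": (discovered + timedelta(hours=72)).isoformat(),
    }
```

Run `scope_breach(parse(SAMPLE_LOG), "2017-06-01T09:00:00")` to see the sample result; on the constructed log it flags the root and backup accounts on web01 and db01 from the one unknown address.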

Post 24 hours: ask yourself:-

  • Has complete recovery happened?
  • Why did the breach happen?
  • What are the preventive measures for the future?
  • Are all the customers, systems and data safe/secure now?
  • What are the current drawbacks in your incident response?

Why would attackers target your SME's systems even if they appear to you to hold no valuable data?

  1. They can use your system to hide behind and attack a more valuable target, and if they do compromise that target you can be drawn into the legal investigation of that compromise. That can cause you a LOT of problems, time and money.
  2. They can also take ANY data they find on your systems and combine it with data from other sources, making that data and yours more valuable.
  3. Many SME systems are easier targets, and in many cases the data value gives a higher return on investment than some bigger, more difficult targets.

Ponemon Institute