Another day, another hack! According to gov.uk, 39% of UK businesses reported cybersecurity breaches or attacks in the last year. This hardly comes as a shock as businesses continue to take a more digital-first approach.
But does your membership organisation truly understand the cost of a data breach to your business?
A data breach can be extremely expensive to recover from in more ways than one. Often, with budgets being set annually, security isn’t considered until it’s too late – and according to IBM, 2021 had the highest average cost of a data breach in 17 years.
Read on for a breakdown of some of the possible costs associated with a data breach and best practices you can adopt to enhance your security posture.
Investigating the Breach
A data breach is one of the biggest threats an organisation can face. In the unfortunate event you have one, you’ll likely need to do a forensic investigation depending on the severity of the breach, and whether or not internal resources exist.
There are also the system provider costs to consider.
The Information Commissioner's Office (ICO) can issue a monetary penalty for failing to comply with GDPR and other various notices, with fines up to a whopping £17.5 million.
If the breach is deemed serious by the ICO, as a result of following your breach plan, then you will need to inform everyone involved immediately of the breach. This means an extra cost in communications staff time it takes to contact all your members.
Impact on Organisational Priorities
What if you can’t use your website during a busy membership renewals period? This is going to massively impact your membership team and make their day job a lot harder.
The same goes for your IT team – they will have to sacrifice other priorities and work reactively if a breach occurs.
Upgraded Infrastructure and Support
If the cause of the breach was something like a bad hosting configuration or limited support in the event of the breach, then you’ll need to consider hosting costs as you look to upgrade to a safer, more reliable hosting solution and enhanced support package.
Future Insurance Cover
If you have cyber insurance already, then some of the prevention processes required for cover will already be in place to help you recover from a breach. If not, then you’re likely to be hit with a huge bill. Contact your insurers as soon as possible after an attack to see how they can help.
US health insurer, Anthem, was hacked back in 2015, targeting a vast amount of sensitive customer information. In response, Anthem set up an informational website and offered to provide a credit monitoring service to those affected, so customers could react if their compromised details had been used.
Remember to calculate the number of customers X the individual license cost for a credit service to understand the potential risk of helping customers recover following a breach.
Staff Access to Systems
Ok, we’re talking worst-case scenario here. But think back to 2014 when Sony staff reportedly had to revert to offline methods to work as they were locked out of entire computer systems! You don’t want to find your own staff in a similar position.
Our recent webinar with MemberWise showed that the majority of membership body attendees were unaware of whether or not they have cybersecurity certification, and our own research following this suggests that a high proportion of membership organisations aren’t even on the path to obtaining one.
Alongside technical controls, certifications aim to tackle processes and people through the delivery of effective mandatory staff training. This ensures the organisation is aligned on cybersecurity knowledge and best practice. This moves us swiftly onto our next cost!
On another note, we’ve been Cyber Essentials Plus certified since 2019 as part of our ongoing commitment to keeping our clients and our own data safe.
From the webinar mentioned above, only 26% of poll respondents said they have cyber training already in place, which suggests that some still have the belief that cyber is just an IT problem.
In reality, your staff are actually your biggest threat. Think of things like losing a laptop or leaving a USB stick full of sensitive data on the train. You should ensure your staff are fully trained to understand security issues and policies you have in place regarding breaches, so they know how to prepare for and approach an attack.
It’s clear to see that the true cost of a data breach stretches way beyond what you might initially expect. However, there are several ways you can protect yourself against a breach and save yourself from those nasty bills in future.
Automated testing will immediately help your security posture – having automated scanning or penetration testing can help locate any vulnerabilities and ensure your website is as secure as possible. We’re proudly partnered with AppCheck to ensure the ultimate data security for our business and our clients.
If your server, application, or infrastructure has been compromised, you’ll want to make sure this doesn’t happen again. If the breach is particularly severe, it might be worth investing in a better environment to help protect yourself in future.