How Can We Help?


In the first year of GDPR implementation there were 89,000 reported breaches. That was just the beginning… 

Understanding The Problem 

To get a better insight into what is happening, here are some statistics to get started (August 2019 to April 2020): 

  • Organisations affected: 524 
  • Countries: 17 
  • Industries: 17 
  • Average Total Cost: 3.86MM USD 
  • Most breached Industries: Healthcare, Finance & Government (not always in that order)
  • Average Time to Identify: 280 days to identify & contain 

Understanding the Cost 

For the sake of the discussion, let's look at the following: 

Detection*, Notification, Lost Business, Post Response 

*Detection: under GDPR, organisations must report a notifiable breach to the ICO (Information Commissioner's Office), the independent regulatory office in charge of upholding information rights in the interest of the public, without undue delay and not later than 72 hours after becoming aware of it. If you take longer, you must give reasons for the delay. This is not the case in non-GDPR jurisdictions, although that is changing somewhat with new legislation.

Detection 

The activities that allow an organisation to detect a breach: 

  • Forensic and investigation analysis 
  • Assessment and Audit 
  • Crisis Management 
  • Communication to executives, boards and others as required by law 

Notification 

Notification of data protection regulators, data subjects and other third parties: 

  • Email, physical letters, outbound calls, or general notice to data subjects 
  • Determination of regulatory requirements 
  • Communication with regulators 
  • Engagement of outside experts 

Lost Business 

Activities that attempt to minimize the loss of customers, business disruption and revenue loss: 

  • Business disruption and revenue loss from system downtime 
  • Cost of lost customers and acquiring new customers 
  • Reputation loss and diminished goodwill. 

Post Response 

Activities to help victims of a breach communicate with the company and redress activities to victims and regulators: 

  • Help desk and inbound communications 
  • Credit monitoring and identity protection services 
  • Issuing new accounts or credit cards 
  • Product discounts 
  • Regulatory fines 
  • Under GDPR these can become expensive to a maximum of 4% of global revenue or €20MM, whichever is greater 
    • This does not consider potential lawsuits by the subjects affected 

Breaches by Sector 

[Figure: Breaches by Sector] 

Types of Records Compromised 

[Figure: Types of Records Compromised] 

Overall, the number of reported breaches by October 2021 was already surpassing the total for 2020: 1,291 breaches by Q3 versus 1,108 in all of 2020. The most popular types of attacks are still phishing and ransomware. Many US states hesitate to report breaches, while in other jurisdictions there is a time limit for reporting data breaches, and the users involved must be notified. This is becoming a problem, in the US especially. If breaches aren't disclosed, the personal data at risk remains at risk, and the fallout from the breach becomes more difficult to contain. In the US this affects (up to Q3 2021) approximately 282 MM people. While the figure may be lower in other jurisdictions, the problem stands. The custodians of users' data need to review how they store that data. 

Some More Statistics Around Cybersecurity 

  • 95% of cybersecurity breaches are caused by human error. (Cybint) 
  • The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner) 
  • 88% of organizations worldwide experienced spear phishing attempts in 2019. (Proofpoint) 
  • 68% of business leaders feel their cybersecurity risks are increasing. (Accenture) 
  • On average, only 5% of companies’ folders are properly protected. (Varonis) 
  • Data breaches exposed 36 billion records in the first half of 2020. (RiskBased) 
  • 86% of breaches were financially motivated. (Verizon) 
  • 10% were motivated by espionage. (Verizon)
  • 45% of breaches featured hacking, 17% involved malware. (Verizon) 
  • Between January 1, 2005, and May 31, 2020, there have been 11,762 recorded breaches. (ID Theft Resource Center) 
  • The top malicious email attachment types are .doc and .dot which make up 37%. (Symantec) 
  • An estimated 300 billion passwords are used by humans and machines worldwide. (Cybersecurity Media) 
  • The average cost of a data breach is $3.86 million as of 2020. (IBM) 
  • The average time to identify a breach in 2020 was 207 days. (IBM) 
  • And the average lifecycle of a breach was 280 days from identification to containment. (IBM) 
  • Personal data was involved in 58% of breaches in 2020. (Verizon) 
  • Security breaches have increased by 11% since 2018 and 67% since 2014. (Accenture) 
  • 64% of Americans have never checked to see if they were affected by a data breach. (Varonis) 
  • 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis) 

GDPR Statistics 

  • Companies reportedly spent $9 billion on preparing for GDPR and, in 2018, legal advice and teams cost UK FTSE 350 companies about 40% of their GDPR budget or $2.4 million. (Forbes) 
  • 88% of companies spent more than $1 million on preparing for the GDPR. (IT Governance) 
  • In the GDPR’s first year, there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded. (EDPB) 
  • 1,000 news sources blocked EU readers to avoid the GDPR compliance rules. (Nieman Lab) 
  • The GDPR fines totaled $63 million in its first year. (GDPR.eu) 
  • Google was fined $57 billion for GDPR violations by CNIL, a French data protection agency. (TechCrunch) 
  • Since the GDPR was enacted, 31% of consumers feel their overall experience with companies has improved. (Marketing Week) 
  • By 2019, only 59% of companies believed they were GDPR compliant. (ZDNet) 
  • 70% of companies agree that the systems they put in place will not scale as new GDPR regulations emerge. (DataGrail) 

Healthcare 

  • WannaCry ransomware attack cost the National Health Service (NHS) over $100 MM USD. (Datto) 
  • The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019. (SafeAtLast) 
  • More than 93% of healthcare organizations experienced a data breach in the past three years (Herjavec Group) 

Finance 

  • Financial services have 352,771 exposed sensitive files on average while healthcare, pharma and biotech have 113,491 files on average — the highest when comparing industries. (Varonis) 
  • 15% of breaches involved healthcare organizations, 10% in the financial industry and 16% in the public sector. (Verizon) 
  • Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53% of attacks. (Cisco)
  • The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million. (Accenture) 
  • Nearly two-thirds of financial services companies have over 1,000 sensitive files open to every employee. (Varonis)
  • Financial and manufacturing services have the highest percent of exposed sensitive files at 21%. (Varonis) 
  • On average, a financial services employee has access to nearly 11 million files the day they walk in the door. For large organizations, employees have access to 20 million files. (Varonis)
  • The average cost of a financial services data breach is $5.85 million. (Varonis)
  • Financial services businesses take an average of 233 days to detect and contain a data breach. (Varonis) 

Government 

  • The U.S. government saw 1.2 billion records breached in 2018. (Purplesec) 
  • Manufacturing companies account for nearly a quarter of all ransomware attacks, followed by professional services with 17% of attacks, and then government organizations with 13% of attacks. (Security Intelligence) 
  • The U.S. government allocated an estimated $18.78 billion for cybersecurity spending in 2021. (Atlas VPN)

Enterprise 

  • Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)
  • Lifestyle (15%) and entertainment (7%) were the most frequently seen categories of malicious apps. (Symantec) 
  • Supply chain attacks were up 78% in 2019. (Symantec)

Cybersecurity Statistics 

  • 70% of cybersecurity professionals claim their organization is impacted by the cybersecurity skills shortage. (ESG & ISSA)
  • Since 2016, the demand for Data Protection Officers (DPOs) has skyrocketed by over 700%, due to the GDPR demands. (Reuters) 
  • 500,000 DPOs are employed (IAAP) 
  • 40 percent of IT leaders say cybersecurity jobs are the most difficult to fill. (CSO Online) 

At PrivID we have a cybersecurity specialist on staff who holds Top Secret (Canada) and Secret (NATO) clearance and is also a certified DPO. Three of our top executives are DPO certified. We understand the regulations and we know the shortfalls of the industry.  

Cybersecurity is Critical to the Enterprise 

Organisations are realising that cybersecurity is critical. Investing in cybersecurity infrastructure is the key to retaining the trust of clients (present and future), as well as employees. The question becomes: aside from education and bolstering internal security, how can data breaches be identified, managed, and quickly fixed? 

How can PrivID help? 

PrivID is a Privacy-Enhancing Computation (PEC) organisation; in other words, we help organisations protect their data and comply with regulations. No data is 100% protectable. Our system allows for better, faster breach detection, and also creates a system where, when there is a breach, user data is protected (through Zero Knowledge Proofs [ZKP] and distributed computing) in such a way that whoever has done the breaching gets no usable data. 

The Problem 

Online and digital privacy and data security are becoming ever more important. Breaches in security and leaked personal information cause real, measurable, often irreparable harm to individuals, corporations, and government entities. The General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA) were designed and implemented in Europe and North America, respectively, to help keep personal information safe and important data secure. Similar legislation exists in other jurisdictions (the Personal Data Protection Act (PDPA) in Singapore, for example). Even though complying with GDPR and PIPEDA can be costly, time consuming, confusing, and fraught with technical issues, non-compliance can cost businesses millions, if not billions (Google is currently looking at €5 billion), in fines, not to mention lost revenue and customer loyalty, as more individuals look for more secure and private alternatives to Google's various products. 

GDPR is more robust than PIPEDA, and complying with it usually means that a company has also met the requirements of PIPEDA. Penalties for data breaches partly or wholly due to GDPR non-compliance start at $10 million or 2% of global revenues, and go as high as the greater of $20 million or 4% of global revenues. Non-compliance is quickly becoming a major risk with significant implications for many, if not all, multinational, North American, and European businesses. 

The Solution 

PrivID has developed a custom, proprietary software, hardware, and blockchain-driven solution. PrivID is a highly configurable, multi-tiered data security and integrity platform that keeps personal and sensitive data secure and inalterable. Companies utilising PrivID immediately become compliant with both GDPR and PIPEDA (as well as the similar legislation, based largely on the original GDPR, that other jurisdictions are going to implement). Most importantly, PrivID is scalable.

PrivID can be implemented for less than the cost of the fallout from data breaches, and it can save companies millions of Euros or Dollars in fines. As well, our system can be used to create national ID cards with built-in biometrics, and it includes the highest level of identity authentication management (IAM), data security, minimal potential for fraud and identity theft, and a clear chain of custody for that data. Not to mention, we can manage entitlements.   
