Cybersecurity Risk Management: Avoiding the Devastation of a Data Breach

Stressed employee sitting at desk

Every hour, 158,727 records are stolen in breaches.
That’s 2,645 per minute, and 44 every second.*

It’s no question that cybersecurity should be a leading priority for every organization. Yet, only 38% of global organizations claim that they are prepared to handle a sophisticated cyber attack. The repercussions of experiencing a data breach go well beyond the immediate and obvious. Of course, the breach of sensitive data, like credit card information, PHI and more is devastating. This puts consumers at risk for identity theft, phishing schemes and other types of attacks with long-lasting negative repercussions. The effects of a breach on the organization itself are far-reaching and damaging, as well. Here are just a few consequences of experiencing a data breach.

The fallout after a data breach

Financial loss

A data breach will inevitably result in some sort of financial loss for an organization depending on the scale of the breach, the type of data affected, and the actions taken by the organization following the breach. According to the 2018 Cost of a Data Breach Study, the average cost of a data breach was $3.86 million. This can result from anything from customer loss, legal fees, investigations, PR and more. Of course, the organization’s I.T. and security team will dedicate an extensive amount of time and resources to identifying how the breach occurred and remediating the issue. For example, the average cost in time of a malware attack is 50 days. This extra time and effort will make up a large portion of the total cost of the breach.

Relationship impact and image rebuilding

The press surrounding the breach and ensuing legal investigation ultimately has a long-lasting negative impact on the organization’s reputation. Existing customers may understandably lose their trust in the organization, potentially resulting in customer loss. In addition, partners and vendors may reevaluate or end their relationship with the organization. Even once the legal and financial fallout of the breach eventually settles down, it takes time and effort for the organization’s marketing and legal teams to rebuild their image and attempt to mend relationships with customers, partners and vendors.

Effect on workforce

A data breach affects the organization’s workforce as well. Depending on the scale and severity of the breach, the organization may experience a shuffle in employees. Employees may be laid off as a result of financial loss. Globally, 31% of breaches have resulted in employees losing their jobs. Employees may also leave the organization by choice to avoid any damage to their personal reputation. In addition, C-level leaders may be asked or choose to resign in the aftermath of the breach. Ultimately, HR teams will have to divert a great deal of attention toward managing employee loss due to the breach, hiring new talent to replace any loss where necessary and alleviating the concerns of existing employees regarding the breach.

Protecting your organization from the threat

So when the consequences of a data breach are so severe, it’s essential to be proactive in protecting your organization. According to the Ponemon Institute, 59% of companies surveyed in 2018 experienced a data breach within the last 12 months caused by a third-party or vendor. While it’s essential for an organization to ensure the security of their own systems and technology, the relationships an organization has with third-party entities should be carefully evaluated as well.

bswift uses SecurityScorecard to evaluate our own security and has a 99% rating overall.** We partnered up with our parent company, Aetna, a CVS Health company, to share some strategies for managing cybersecurity risk. Whether you’re reevaluating your current HR technology provider or searching for a new provider, here are a few tips and strategies to help minimize your organization’s risk of experiencing a data breach.

Third-party security assessment

Consider using a third-party security vendor to conduct a review for you. bswift not only uses SecurityScorecard to evaluate our technology against different security criteria, but we also use it to assess the strength of our vendors’ security. The third-party should be able to help clearly identify any potential areas of risk in the HR technology vendors you utilize and how they compare to other vendors within the industry. Be sure to conduct evaluations of your vendors on a regular and frequent basis.

Risk-based approach to cybersecurity

Ask your vendor to share with you how they evaluate risk in their technology. A compliance-based approach means that a vendor is simply “checking boxes” when it comes to setting and implementing security measures. A vendor with a risk-based approach means they not only have the right security measures in place, but that they are also actively testing them out to ensure they are serving their intended purpose.

Security measures evolve over time

As your vendor grows and changes, their security measures should continue to mature along with it as well. Threat actors are constantly evolving, and as a result, security breaches are becoming increasingly complex and more frequent. To prevent falling victim to new types of threats and breaches, your vendor should constantly examine their security measures from new perspectives and work to strengthen them accordingly.

Shift-left approach to testing

At bswift and Aetna, we have a shift-left approach to testing, meaning that we test the security strength of our technology earlier on in the development lifecycle. This allows us to be proactive in identifying and remediating any weaknesses, preventing them from becoming potential security flaws in the future. Ask your vendor about their approach to testing to learn more.

More cybersecurity insights

For more tips and strategies, check out our cybersecurity resources.

Visit bswift on LinkedIn and join the conversation with #bSecure.

** Third-party analysis of benefits administration technology security conducted by SecurityScorecard 01/2019. Results are subject to change.

Placing a Premium on Data Security
Artificial Intelligence: Top 5 Myths Debunked