19
May 2016
Early versus late data breach outcomes
Andy Harris
We spent some time looking at the outcomes for companies that were the victims of cyber breaches, comparing those who experienced early data breaches to those who experienced late data breaches.
Early breaches
When we extended the time frames, early data breach victims followed a similar six-month pattern:
In other words, six months after the attacks businesses were in better shape than their competitors. Companies with the weakest security experienced the first wave of data breaches. The net result was that the subsequent shake-up was just what those companies needed, and as a result, they did better in the end. Their competitors would have reviewed their security, but without the personnel churn at the top.
Customers got used to data breaches and then increasingly fed up with data breaches. They consider big companies as mostly the same, and therefore price and service returned as the key buying factors.
Late breaches
Fast forward to today, and data breach victims are suffering. Taking TalkTalk as an example, we found these key differences:
Retail organisations in previously good health can bounce back by heavily discounting stock. Service organisations don’t have that luxury; they don’t have stock to lean on and market forces are setting the general price level.
Organisations that rely on their reputation for confidentially suffer the worst. The ICO investigated 173 law firms regarding data breaches in 2014, culminating in this Information Commissioner Warning, warning barristers and solicitors to keep personal information secure. In 2015, Law Firm warnings were running at 15 per quarter.
There is a constant cycling of who is at the bottom of the pile security-wise. This drives the need for constant vigilance. Osirium PAM is about prevention of breaches, rather than detection. We help prevent the external attacker and deter the internal wrongdoers.
If you’d like to find out more about Osirium PAM, get in touch.