The High Cost of Data Breaches Examined
As businesses across a variety of essential industries continue to become increasingly interconnected through digital networks, security threats arising in various, complex forms have grown all the more prevalent. With the world of finance trending towards digitalization, even the most basic of security incidents can have a far-reaching impact on a company’s reputation and bottom line for years to come. Hackers, foreign agents, and even rival companies all have varying motivations in going after client records, financial statements and other pertinent information via hacking and other forms of cybercrime, with the power to cause significant disruption when this valuable intel is available at their disposal. With criminals often looking to capitalize on the easiest of targets (or those that pose the least likely threat of detection by the proper authorities), institutions small and large have become equally susceptible to hacking exploits and breaches when failing to implement necessary safeguards for deterring cybercrime. Despite the safety gains that have accompanied the widespread adoption of regulatory technologies (RegTech) across the financial sector, it appears that an ever-increasing array of sophisticated tools is being employed by cybercriminals to capitalize on unsuspecting entities or those that have been slower to adapt than their peers. Greater international attention has been placed on cyber-security of late following the recent phishing attacks seen on the Twitter accounts of notable American figures including former Amazon CEO Jeff Bezos, former President Barack Obama and 2020 presidential candidate Joe Biden, exposing that even the most powerful of individuals and companies can fall victim to ploys of this variety. The unfortunate reality remains, however, that successful (and severe) data breaches and hacking incidents in the U.S. and abroad continue to increase at an exponential rate, and what’s worse, the cost of not taking these threats seriously may be more than you might expect.
A report released by multinational tech staple International Business Machines Corp. (IBM) last month analyzed 524 cases of data breaches at organizations of various sizes operating in 17 industries across more than a dozen countries. Its purpose: examining the extent of the costs that these breaches inflict upon the involved companies. The results showed that the average data breach cost slightly less than $4 million USD in the past year alone, a figure that analysts believe could grow significantly higher for companies with less robust security protocols in place. This average also fails to factor in so-called “mega breaches”, that is, those incidents affecting over 1 million company records.[1] The report notes that “breaches of 1 million to 10 million records cost companies an average of $50 million to address, more than 25 times the average cost of $3.86 million for breaches of less than 100,000 records. In breaches of more than 50 million records, the average cost was $392 million, more than 100 times the average.”[3] These findings clearly illustrate that large corporations with lengthy lists of records have a lot to lose, but luckily for them they may also have the resources and procedures in place to take these hits in stride while working proactively to prevent future issues. But what about smaller companies? The reality is that these entities often get hit much harder despite these breaches lacking the “wow factor” in terms of total losses as compared to their larger counterparts. The report also found a notable disparity in costs of breaches across various industries. IBM found the average breach in the healthcare sector costs companies roughly $7.1 million USD, the energy sector $6.39 million and the financial services sphere $5.85 million.[1]
So what are the possible ramifications for similar privacy and security failures suffered by a company in 2020? Well, this depends on multiple factors. Aside from the direct financial hit from the breach itself, these lapses can affect an organization across various departments. One aspect can be a subsequent fine or multiple penalties related to regulatory compliance, which have been ramped up appreciably in various countries in recent years. For example, thanks to the relatively novel General Data Protection Regulation (GDPR), the United Kingdom recently gave supervisory authorities the ability to fine companies as much as 4% of their top-line revenue for failing to adequately protect personal data.[7] Of course, there are other obvious consequences that further compound the losses, including hefty legal costs and class-action settlement payments that can result in large payouts to thousands of clients/users affected by a company’s data failures. Lost business from bad publicity is another factor that frequently results in additional, unforeseeable losses for an entity, in addition to a greater drop in valuation and potential shareholder backlash at publicly-traded entities.
The fact remains that there is simply too much at stake in this day and age for organizations of any size to not take the constant threat of data breaches seriously. One of the IBM report’s most critical findings highlights future risks posed to companies that have chosen to incorporate remote operations and “Telework” into their post-Coronavirus operating structure, estimating that approximately “70% of companies studied that adopted telework amid the pandemic expect it will exacerbate data breach costs.”[3] Making these findings all the more startling is that the report only covered the initial two months of this lengthy pandemic. Time will tell if this unique period in world history, one marked by extreme human loss, will be similarly remembered as a period of major turmoil from a financial and technological security perspective.
OFAC Designates ISIS Financial Supporters
On July 28th, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) moved to designate two financial facilitators operating on behalf of militant terror organization ISIS. The individuals, Faruq Hamud and Adnan Muhammad Amin Al-Rawi, located in Syria and Turkey, respectively, are alleged to have provided significant financial, material and even technological support to the group over a series of several years. The Treasury writes that Hamud was an operator of a branch of the Tawasul hawala in the al Hawl Internally Displaced Persons camp that houses approximately 70,00 refugees, a large portion of whom are current or former ISIS members. This “hawala” – essentially an underground form of banking where funds are transferred without any currency actually moving – reportedly served ISIS members and allowed for the transfer of payments for ISIS from outside of Syria.[6]
Regarding the motion, Treasury Secretary Steven Mnuchin noted that it signifies the Trump Administration continuing “to be fully committed to disrupting ISIS’s financial activities and networks.”[6] The new sanctions effectively block any and all assets these individuals may have within U.S. jurisdictions, while also prohibiting all dealings by U.S. citizens and companies that involve any property or interests of blocked/designated persons; those who violate the prohibition risk facing potential financial and/or criminal penalties.
Malaysian Prime Minister At Heart of 1MDB Scandal Jailed
After years of financial misconduct that included the alleged siphoning of billions of dollars from the 1Malaysia Development Berhad (1MDB) fund, former Malaysian Prime Minister Najib Razak finally faced tangible repercussions last Tuesday. A Malaysian court found Razak guilty on all seven counts of corruption, abuse of power, breach of trust and money laundering, which will see him face a 12-year prison sentence and a fine of roughly $50 million, pending appeal. This trial stemmed from the illegal transfer of a reported $9.8 billion from SRC International, a former unit of the 1MDB investment fund, to Razak. Analysts believe the verdict has a legitimate chance of being overturned in appeals court, however, given that Razak remains in a position of power as an acting member of Parliament, with the New York Times adding that “his party, popularly known as UMNO, returned to power in February, improving the chances that he will not have to spend time behind bars” (NYT), in addition to the fact that Razak is an ally of current Malaysian PM Muhyiddin Yassin.
Nevertheless, the ruling – the first to be handed down in a series of five total graft trials related to 1MDB – was striking. Opposition leader of Parliament Anwar Ibrahim cheered the verdict, noting that the “1MDB scandal has been a blight on our nation’s reputation and has been the source of much anguish for the Malaysian people” (NYT) for over a decade. Despite the sentencing, the worst still might lie ahead for Razak, who faces tens of additional charges with heftier prison terms if he is convicted. Global RADAR will provide periodic updates on the former PM’s trials in the months to come.
Criminal Probe Launched Into FIFA President
Current FIFA chairman and President Giovanni Infantino is facing a criminal probe opened by special prosecutor Stefan Keller to investigate his alleged dealings with Swiss Attorney General Michael Lauber. Swiss regulatory authorities have stated that the case stems from concerns of “abuse of public office, breach of official secrecy, assisting offenders and incitement to these acts”[2] in relation to secret meetings between the involved parties on multiple occasions between 2016 and 2017. Despite the claims, both men have denied any wrongdoing to date. Lauber, however, recently offered his official resignation from his position shortly after a separate investigation into FIFA-related corruption found that the prosecutor had lied to his supervisors in the Swiss judiciary regarding past meetings with the FIFA head.[5] Lauber will reportedly abandon his post by the end of August 2020, though the AB-BA watchdog notes that Keller is still currently seeking parliamentary approval to have Lauber’s diplomatic immunity from prosecution waived.
Despite vowing to clean up the governing body of soccer shortly following his appointment as chief in 2016, Infantino appears to have fallen victim to the grasp of corruption that engulfed his predecessor at the helm, disgraced ex-President Joseph “Sepp” Blatter. In December of 2015, FIFA’s ethics committee ultimately banned Blatter from football for six years over his engagement in controversial activities that included illicit payments, rampant conflicts of interest, and alleged criminal mismanagement.
1. IBM Security Contributor. “IBM Security BrandVoice: Facing Growing Cyber Risks, Here’s How Organizations Are Mitigating The Cost Of A Data Breach.” Forbes, Forbes Magazine, 31 July 2020.
2. Neghaiwi, Brenna Hughes. “Swiss Launch Criminal Probe of FIFA Boss Infantino.” Reuters, Thomson Reuters, 30 July 2020.
3. Nicodemus, Aaron. “IBM Report: Average Data Breach Cost Nearly $4M in Past Year.” Compliance Week, 30 July 2020.
4. Paddock, Richard C. “Najib Razak, Malaysia’s Former Prime Minister, Found Guilty in Graft Trial.” The New York Times, The New York Times, 28 July 2020.
5. “Switzerland Launches Investigation against FIFA President Gianni Infantino: DW: 30.07.2020.” DW.COM, Deutsche Welle, 30 July 2020.
6. “Treasury Designates Key ISIS Financial Facilitators in the Middle East | U.S. Department of the Treasury.” U.S. Department of the Treasury, 28 July 2020.
7. “What’s the Real Cost of a Data Breach?” PKWARE, PKWARE, Inc., 5 Sept. 2019.