Cyber Threat Realities
The Cyber Threats Realities: How Much is Enough?
The recent on Cost of a Data Breach Study managed by the Ponemon Institute has very interesting details. Let’s take a glance at them…
❖ The easiest way to enter the IT system of an entity and control & steal the data for cyber attackers is still human factor and malware.
❖ The first target is still data but also core systems (e.g. industrial control systems) are among the main targets.
❖ Entities are seeing a steady rise in the number of data breaches (from 130 in 2017 to 145 2018).
❖ The total cost of cybercrime for each entity increased from $ 11.7 million in 2017 to $ 13.0 million in 2018. (In the United States of America the average cost was $ 27.4 million.)
❖ Banking and Utilities industries continue to have the highest cost of cybercrime with an increase of 11 % and 16 % respectively. The Energy sector remained third with increase amount of 4 % and the Health sector cybercrime costs increase around eight % in a year.
❖ The entities main difficulty against cyber threats is evaluating the cyber security budget amount.
These results show us the same problems in cyber security are existing strongly but also increasing the cost effect in entity budget.
More or less the only difference from previous researches and in my opinion, the most important thing among the all findings is assessing budget investments in cyber security.
The magic question for this problem is so easy: How much is enough?
But what about the right answer…
We need to answer a few questions before find the best solution for deciding the budget figures.
What does this mean for entity business?
How does it affect strategic targets?
The simple common answer for three questions is: It is a unique entity decision that needs to take into account the risk posed by cyber threats to business objectives, as well as the fact that any funds invested in cyber cannot be invested in other initiatives.
My Best Wishes
Head of Consultancy, TDG Global