QUANTIFYING THE COST OF DATA BREACH: UNDERSTANDING (AND AVOIDING) FUTURE PITFALLS
Prepared by Castlebridge and TechPolis for Verimatrix
THE TRADITIONAL COSTS OF "DATA BREACH"
Traditional "Data Breach" = "Information Security Breach"
Cisco Security Report 2017:
• 30% reported a loss of revenue/turnover of up to 20%
• 20% lost customers
• 23% lost business opportunities
• 49% of respondents reported having to deal with public scrutiny
Source: Cisco 2017 Annual Cyber Security Report http://www.cisco.com/c/dam/m/digital/1198689/Cisco_2017_ACR_PDF.pdf
CONCEPT OF "DATA BREACH" IS EVOLVING
Information Privacy
• Why do we have this data?
• What are we using it for?
• Do we have permission/basis for processing this data this way?
• Do we have too much of this data?
• Are we keeping it too long?
• Where are we storing / sharing it?
• Did we tell our customers this was happening?
• What contractual controls are in place with 3rd parties?
Information Security
• Keeping it safe
• Controlling access
• Keeping "bad guys" out
CONCEPT OF "DATA BREACH" IS EVOLVING
Data Breach now spans: Security, Privacy, Ethics, Trust
CASE STUDY: MY (CREEPY) FRIEND CAYLA
• Recordings of children's and parents' voices transmitted securely
• Recordings stored by the vendor
• Content of recordings analysed (voice prints etc.)
• Recordings could be accessed by the manufacturer (what might children tell their doll, and what might it overhear?)
PRIVACY ENFORCEMENT A GROWING TREND – SMART TV MAKERS PROSECUTED / SUED
Both these cases relate to how data is OBTAINED and to TRANSPARENCY: how that collection is disclosed to individuals.
WHO IS WATCHING THE WATCHERS?
• Smart TVs
• Device fingerprinting
• VOD services
• Multiple devices
• Viewing recommendations
• Service personalisation
• Viewer analytics
• "Share of eyeball" analytics
GROWING CONSUMER AWARENESS (AND CONCERN)
• 72% of respondents to the EU Eurobarometer survey in April 2016 said they were concerned about the collection of data about them by online platforms
• 56% of respondents said they were uncomfortable with online marketplaces using data about them and their online activities
• 71% of respondents to the Flash Eurobarometer survey in April 2016 said it is unacceptable for companies to share information about them without their permission, even if it helps companies provide services they might like
• 56% of respondents said they did not usually read the Terms and Conditions of online services
Source: Special Eurobarometer 447 and Flash Eurobarometer 443, July 2016
GROWING CONSUMER AWARENESS (AND CONCERN)
• 91% of respondents want a system that enables them to control how their data is used
• 90% of US consumers want to be asked for permission before their data is shared
• 71% of respondents want governments to impose penalties on organisations that misuse data
• 83% of respondents want organisations to be clear about what they do with data
Source: Fujitsu Personal Data in the Cloud Survey, 2010
INCREASED REGULATORY OVERSIGHT
• Globally there is a consistent trend towards increased regulatory oversight of data privacy.
• EU rules are considered the "gold standard" benchmark target.
• Many countries (e.g. Japan) are updating their domestic legislation to align better with EU standards.
• Common core principles are emerging.
• Significantly: penalties and sanctions are increasing!
TWO AVENUES OF COST: REGULATORS AND LITIGATORS
Regulators
• GDPR – maximum penalty of 4% of global turnover
• Japan – 6 months in prison
• [Penalties from regulators vary]
Litigators
• Vidal-Hall case: device fingerprinting and cookies, bypassing browser controls
• No need to show loss – breach of duty of care under the Data Protection Directive / UK DPA
• Article 79 GDPR makes it EXPLICIT that material losses are not required to sue for breach of data privacy rights
THE OLD "BIG DATA" PARADIGM
Global data privacy law trends increasingly require the opposite view to be taken!
BIG DATA IS GROWING UP
• Relative search frequencies for "Data Ethics" and related terms are increasing.
• Information management still struggles with defining "Ethics".
• With great power comes great responsibility!
Source: Google Trends analysis conducted by Castlebridge
THE EDPS VISION OF THE FUTURE OF DATA ETHICS
• Focus on ethical behaviour in information management
• "Compliance is the floor, not the ceiling"
• The EDPS sees ethical management of information as a source of competitive advantage for organisations into the future
BUILDING THE BUSINESS CASE FOR COMPLIANCE (AND BEYOND)
Failure Costs
• Loss of revenue from customer loss / opportunity loss
• Cost of brand damage and impact: short term and long term
• Impact on shareholder value
• Remediation costs
• Liability costs
• Investigation costs
• Regulatory legal costs
• Regulatory penalties
• Litigation costs
Operational Benefits
• Help drive internal efficiencies through better data management (not JUST security)
• 10-25% of turnover is consumed by poor data quality – Data Protection compliance requires you to look at that!
Strategic Benefits
• Brand differentiation – competing on ethics / values
• Improved strategic management of information assets
• Disaster recovery, M&A activities etc.
• Better responses when incidents/issues do arise
WHO IS WATCHING THE WATCHERS?
Castlebridge: www.Castlebridge.ie | @cbridgeinfo
TechPolis: www.techpolis.com