The true cost of cybersecurity incidents

IT security is costly, which is often not understood by management. If a security incident then occurs, the level of concern is high and repairing the damage costs considerable sums. Security provider Palo Alto Networks does the math and shows the true costs of cybersecurity incidents. I received the information last week, and I'm posting it on the blog.


Palo Alto Networks provides a brief analysis below that contrasts the cost of managing a security incident with the cost of investing in cybersecurity to prevent one.

Empowering employees

When it comes to people, process and technology, people are always the weakest link in an organization's metaphorical security fence. A company can have the most detailed, security-focused processes and world-class technical solutions. But if employees are not properly trained, security is virtually non-existent.

Employees must therefore be equipped with sophisticated, novel and industry-relevant cybersecurity training materials. Gone are the days when a simple handout or outdated PowerPoint presentation sufficed. Instead of having an annual training session or one that only needs to be completed when an employee is first hired, companies should ensure that security awareness is integrated into the company culture. For example, employees should complete a new module monthly or receive regular training on how to respond to phishing campaigns. Small incentives for employees who successfully report malicious emails are also an option. Investing in cybersecurity awareness and general employee knowledge is the best way to improve security in the long term.

Understanding legal requirements

What legal requirements must the company comply with? If the company falls victim to a cybersecurity attack, it cannot plead ignorance to avoid the hefty fines associated with regulations like CCPA and GDPR. If the company has a particularly complex environment with a large amount of customer data or personal health information, it may be worth hiring a chief privacy officer or CISO. This person should focus specifically on ensuring that customer data is adequately protected and that the company is in compliance with all applicable legal requirements.

Incident response processes: Practice, practice, practice

They say that practice makes perfect, and incident response is no exception to this rule. When the data breach costs of a company that has tested its incident response plan are compared with those of one that has not, the average savings is $2,000,000.


However, many companies build the car while driving at 160 kilometers per hour on the highway. An incident occurs, and no one has a clue what to do:

  • The immediate response plan for an incident hasn't been updated in three years.
  • Phone numbers are incorrect.
  • Cybersecurity insurance has never been purchased. 
  • Reporting requirements are not defined.

Managing a cybersecurity incident is an incredibly stressful experience. To alleviate this stress and save money, organizations should test their incident response plan at least twice a year through tabletop exercises or interactive scenario sessions. They should conduct a "lessons learned" evaluation after the test exercises to determine which incident response methods worked well and which could be improved. Finally, they should take action to ensure that proposed improvements or changes to current processes are updated in the incident response plan and associated policies.

Know your weaknesses

Companies can't protect themselves from the threats they don't know they are vulnerable to. An annual enterprise cybersecurity risk assessment should consider people, processes and technologies. Organizations should consider engaging an external vendor that specializes in conducting in-depth cyber risk assessments against a recognized industry framework, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Identified risks should be accompanied by a detailed recommendation that can be implemented to either completely eliminate or mitigate the associated risk.

In most cases, findings and recommendations are accompanied by a priority ranking or strategic implementation roadmap. These are invaluable tools that organizations can use to determine how to most effectively improve their current security position.

Never operate without usable backups

As mentioned earlier in this report, ransomware was the most common method of compromise in 2019, and without usable backups, organizations are literally putting their livelihood in the hands of cybercriminals. According to Unit 42's 2020 Incident Response & Data Breach Report, backups were deleted or disabled in an increasing number of incidents. Therefore, it's important to regularly create and test backups and become familiar with the process of restoring backups. Most importantly, ensure that backups are stored off-network and protected by appropriate security measures to prevent threat actors from gaining access and disabling or deleting backups to prevent recovery. 

Call in expert advice

Companies don't have to handle everything internally on their own. Hiring a cybersecurity consultant or external partner is a great way to bring security-specific expertise into the organization. Consultants are often privy to current best practices and industry trends, so they can provide new insights into what is currently working in the field. By building relationships with outside experts, companies have a strong network to call upon when they need to strengthen their security solutions or simply gain an outside perspective on industry best practices.

Final considerations

Security breaches are expensive, and probably more expensive than thought. While the upfront costs of proactive investments in cybersecurity capabilities may seem expensive, they will likely save organizations significant sums in the long run. Strategic, proactive investments in cybersecurity are essential for organizations that want to succeed in today's complex and dangerous cyber landscape, according to Palo Alto Networks.
