News Insights: Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024

A new report by Juniper Research finds that  Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024 – Cybersecurity Breaches to Increase Nearly 70% Over the Next 5 years (link to Juniper Research press release issued yesterday). The announcement notes that “the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average annual growth of 11%. This will primarily be driven by increasing fines for data breaches as regulation tightens, as well as a greater proportion of business lost as enterprises become more dependent on the digital realm.”  A CyCognito expert offers perspective.

NEWS INSIGHTS:

Rob Gurzeev, CEO and Co-Founder, CyCognito:

“Organizations are all too often and unwittingly providing open pathways into their networks, such as dormant servers and applications, self-provisioned cloud computing resources not tracked by IT asset management processes, and third party vendor partners whose practices and security gaps may provide a ready conduit. Bad actors are increasingly adept at discovering and exploiting these risks lurking in the shadows. Mapping these exposed assets including those of closely related third parties is an important and increasingly urgent first step in securing the organization and protecting its intellectual property, sensitive data, reputation and bottom line.”

Tom Garrubba, Senior Director and CISO, Shared Assessments:

“Every day, security professionals are waking up to more and increasingly savvy data perpetrators who are finding new and uncharted means to acquiring data. Security professionals need to continue to sharpen their tools and think “outside the box” regarding other ways these data perps can get to confidential data. Anticipatory compliance should be embraced by organizations – not necessarily from the compliance lens, but from the security and privacy lens. What they learn from anticipating the threat horizon should be shared with all employees of their organizations and it’s Information Security’s role to help promulgate changes and educate the employees to not be lured in taking a data perp’s bait.”

Franklyn Jones, CMO, Cequence Security:

“While $5 trillion is a staggering cost resulting from the nearly non-stop data breaches we learn about each day, there is also a significant secondary cost that we must not lose sight of.  I’m referring to the growing number of malicious, automated bot attacks that are fueled by the billions of credentials stolen from these initial breaches.  Those secondary attacks, which are even harder to detect than the initial data breaches, tend to focus on business logic abuse, stolen IP, and financial fraud.  The cost of these types of attacks are often under-reported, but are likely in the billions of dollars.”

Jonathan Deveaux, head of enterprise data protection at comforte AG:

“SMBs are high targets and may feel the brunt of a data breach more than a larger enterprise. One study found  that over 60% of small businesses impacted by a data breach will file for bankruptcy or go out of business within 6 months after reporting the incident.  The AMCA data breach reported in April 2019 is real-world example of how a company responsible for compromising data from 20 million people filed for Chapter 11 within 3 months following the incident.  Due to possible violations of HIPAA (the Health Insurance Portability and Accountability Act), the initial costs of over $4M to inform affected customers and to hire consultants to rectify the breach were too much for the small company to bear, as their employee headcount also dropped from 113 to 25.  It is clear that the costs of a data breach are detrimental to a business. However, there is more at stake than monetary costs, including immeasurable brand and trust damage.  Having to lay off employees and losing the business altogether is far worse than paying fines and fees.  Hopefully business leaders will shift to a ‘security-first’ mindset to adopt stronger, more effective data security methods, which greatly help reduce the risks associated with data breaches.”

Mounir Hahad, head of the Juniper Threat Labs at Juniper Networks (no relation to Juniper Research):

“Juniper Networks has been predicting that cryptojacking and cryptomining attacks were temporary in nature and closely followed the rise and fall of cryptocurrency valuation and the difficulty of mining. Juniper Research seems to confirm this trend. Furthermore, Juniper Networks predicts that ransomware will continue to rise and remain a sore point in the foreseeable future of cybersecurity. It will morph from crypto-ransomware to other forms of ransomware, as security solutions become more capable at preventing file encryption and easing recovery post-attack. Social media and cloud collaboration tools will continue to provide a fertile ground for new vectors of phishing campaigns, exploiting complex interactions between these platforms and third party applications to expose vulnerabilities or abuse trust relationships.”

Dan Tuchler, CMO at SecurityFirst:

“Business losses due to data breaches are rapidly increasing. Our customers tell us that their worst nightmare is having to report that a compliance fine has pushed their company stock lower. You don’t get to keep your job if that happens. But in most cases companies don’t have to report a security breach if you can prove your data is encrypted. It’s easy and cost-effective to put basic protection in place on your data, to avoid huge fines and stay out of the daily data breach news.”

George Wrenn, CEO of CyberSaint Security:

“Executives are increasingly concerned about the bottom-line impact when their companies’ reputations are damaged due to a breach.  We recommend companies take the following steps to shore themselves up against reputational damage: implement gold-standard practices and frameworks (such as the NIST Cybersecurity Framework), increase visibility for all executive stakeholders, and integrate compliance and risk management to combat more holistic attacks.

Organizations that cannot speak to their cybersecurity posture are left struggling to explain themselves when a breach does happen, and fragmented programs are exponentially more difficult to manage. By implementing solutions that integrate enterprise-wide cybersecurity activities and therefore deliver superior visibility, both technical- and business-side leaders are in much better positions to defend their organizations should a breach occur.”