Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

5/8/2018
02:00 PM
Jeremy Wittkop
Jeremy Wittkop
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv

Properly Framing the Cost of a Data Breach

The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
1 of 2

Chart 1: Sample data breach costs based on estimates from current studies. (Source: Jeremy Wittkop)
Chart 1: Sample data breach costs based on estimates from current studies. (Source: Jeremy Wittkop)

1 of 2
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
managedoutsource
50%
50%
managedoutsource,
User Rank: Apprentice
6/18/2018 | 5:01:35 AM
Thank you for sharing
While all kinds of data breach can be expensive, it was great for this article to break this down for better understanding.
jeremy_wittkop
100%
0%
jeremy_wittkop,
User Rank: Author
5/9/2018 | 2:58:01 PM
Re: All good points .... but
Thank you for the comment! I understand the frustration when ridiculous comments such as that are made by members of leadership who should know that if one individual can cause the entire program to fail, it is the program that is broken. I also understand the frustration of the general public when Equifax's board of directors were re-elected after the breach. I would suggest that the root of the problem with Equifax is that they have a business model that is compulsory for data subjects. These types of issues are the reason that data privacy regulations are being passed in major markets around the world.

I would suggest from my conversations with executive leadership that organizations that must ask for permission from data subjects to gather their information and who ultimately must win their business, that those organizations are much more sensitive to how they handle personal information. Ultimately, we are in a consumer-driven economy. If the general public decides that they ways in which companies secure their personal data will impact their purchasing decisions, the business community will identify those trends and respond accordingly.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
5/8/2018 | 2:22:01 PM
All good points .... but
Remember the attitude of the Equifax C-Suite when the CEO blamed the entire catastrophe on ONE, JUST ONE, IT staffer who failed to perform an update.  Lunacy and ignorance all combined into one stupid comment.  If THIS is the attitude and understanding C-Suite has of IT as a business practice, then all your points are worthless.  Oh, BTW - staffers are always cheaper in Bangalore too. 
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16680
PUBLISHED: 2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16681
PUBLISHED: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16677
PUBLISHED: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-16678
PUBLISHED: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16679
PUBLISHED: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.