
Posted in: Data Security/Privacy

Dec 1, 2016

7 Ways to Help Your Organization Prevent Costly Data Breaches

By Amy Marcen-Gaudaur and Aaron Baer

Businesses spend an estimated $84 billion each year defending their data against cyberattacks. However, a recent report by Accenture (the "Report") highlights the stark disconnect between these costly protection measures and their efficacy. The Report is based on the results of a survey conducted by Accenture of 2,000 executives from 12 industries and 15 countries across North America, South America, Europe and the Asia-Pacific region.

According to the Report, the failure rate of data breach prevention is "alarmingly high." Approximately one-third of targeted data breach attempts against corporations are successful, yet three-quarters of executives have not lost confidence in their cybersecurity strategies.

The "alarmingly high" failure rate is further exacerbated by the "sheer volume" of cyberattacks being conducted. On average, organizations are subject to more than a hundred targeted breach attempts each year, in addition to the thousands (and sometimes millions) of random breach attempts prevented each week. This means that these organizations can expect, on average, two to three successful attacks per month.

Accenture estimates that data theft currently costs organizations an aggregate of $2 trillion per year and that this number could potentially reach as high as $90 trillion by 2030 if trends continue. As we recently reported on The Spotlight, the average cost of a data breach for a Canadian company exceeds $6 million.

Why Do Typical Strategies Fail?

While a majority of those surveyed for the Report admitted that it typically takes "months" to detect successful attacks, 17% confessed that such identification often takes a year or longer. This lag not only prevents organizations from properly responding to specific breaches, but also makes building an effective cybersecurity strategy nearly impossible. By the time a breach is identified, the data is already gone. By the time the vulnerability is identified, another thief has deployed a different strategy.

Further compounding the issue is the presence of both internal and external threats. Different protective strategies are required to deal with internal and external data theft, and the Report shows that most organizations have a difficult time prioritizing resources to properly protect against both.

Facing Reality - Data Breach Prevention Strategies

In the face of these gloomy statistics, those charged with a corporate cybersecurity mandate may be wondering how to survive in this increasingly risky landscape. The Report suggests the following:

  1. Define cybersecurity success
  2. Pressure-test security capabilities the way adversaries do
  3. Protect from the inside out
  4. Invest to innovate and outmaneuver
  5. Make security everyone's job
  6. Lead from the top
  7. Build on past lessons

In order to implement these strategies, it is critical that businesses provide the necessary training to employees at all levels of the company. Law firms with expertise in privacy and data breach prevention provide a vital service in this regard.

Third-party service providers are often the weakest entry point for data breaches. Well-drafted contracts contain, amongst other things: (i) representations and warranties from the service provider that its cybersecurity meets the desired standards; (ii) covenants that the service provider will notify the business immediately upon discovering a potential breach; (iii) audit rights; and (iv) indemnification provisions that protect the business from bearing the economic burden of a data breach.

Organizations need to recognize the true scale of the cyberattacks they face, adapt to the changing landscape, and incorporate these best practices to protect their bottom line from the costs of data breaches.
