Posted in: Data Security/Privacy

Dec 1, 2016

7 Ways to Help Your Organization Prevent Costly Data Breaches

By Amy Marcen-Gaudaur and Aaron Baer

Businesses spend an estimated $84 billion each year defending their data against cyberattacks. However, a recent report by Accenture (the "Report") highlights the stark disconnect between these costly protection measures and their efficacy. The Report is based on the results of a survey conducted by Accenture of 2,000 executives from 12 industries and 15 countries across North America, South America, Europe and the Asia-Pacific region.

According to the Report, the failure rate of data breach prevention is "alarmingly high." Approximately one-third of targeted data breach attempts against corporations are successful, yet three-quarters of executives have not lost confidence in their cybersecurity strategies.

The "alarmingly high" failure rate is further exacerbated by the "sheer volume" of cyberattacks being conducted. On average, organizations are subject to more than a hundred targeted breach attempts each year, in addition to the thousands (and sometimes millions) of random breach attempts prevented each week. This means that these organizations can expect, on average, two to three successful attacks per month.

Accenture estimates that data theft currently costs organizations an aggregate of $2 trillion per year and that this number could potentially reach as high as $90 trillion by 2030 if trends continue. As we recently reported on The Spotlight, the average cost of a data breach for a Canadian company exceeds $6 million.

Why Do Typical Strategies Fail?

While a majority of those surveyed for the Report admitted that it typically takes "months" to detect successful attacks, 17% confessed that such identification often takes a year or longer. This lag not only prevents organizations from properly responding to specific breaches, but also makes building an effective cybersecurity strategy nearly impossible. By the time a breach is identified, the data is already gone. By the time the vulnerability is identified, another thief has deployed a different strategy.

Further compounding the issue is the presence of both internal and external threats. Different protective strategies are required to deal with internal and external data theft, and the Report shows that most organizations have a difficult time prioritizing resources to properly protect against both.

Facing Reality - Data Breach Prevention Strategies

In the face of these gloomy statistics, those charged with a corporate cybersecurity mandate may be wondering how to survive in this increasingly risky landscape. The Report suggests the following:

  1. Define cybersecurity success
  2. Pressure-test security capabilities the way adversaries do
  3. Protect from the inside out
  4. Invest to innovate and outmaneuver
  5. Make security everyone's job
  6. Lead from the top
  7. Build on past lessons

In order to implement these strategies, it is critical that businesses provide the necessary training to employees at all levels of the company. Law firms with expertise in privacy and data breach prevention provide a vital service in this regard.

Third-party service providers are often the weakest entry point for data breaches. Well-drafted contracts contain, amongst other things: (i) representations and warranties from the service provider that its cybersecurity meets the desired standards; (ii) covenants that the service provider will notify the business immediately upon discovering a potential breach; (iii) audit rights; and (iv) indemnification provisions that protect the business from bearing the economic burden of a data breach.

Organizations need to recognize the true scale of the cyberattacks they face, adapt to the changing landscape, and incorporate these best practices to protect their bottom line from the costs of data breaches.
