TOP 10 MOST EXPENSIVE CYBER-SECURITY BREACHES OF ALL TIME
Liz is back!
No, not world-renowned starlet Elizabeth Taylor or Her Majesty, the Queen of England. We’re talking Elizabeth Denham, the appointed Information Commissioner of the UK’s ICO. She has just issued another eye-watering fine of £99 million ($123 million) for the data breach at Marriott International, publicised this month. This comes just one day after the record-breaking penalty of £183 million given to British Airways for the leaked personal information of 500,000 of their customers.
The Marriott fine is in response to a 2014 data breach of Starwood, a hotel company subsequently acquired by Marriott in 2016, although the breach itself wasn’t detected until 2018. Somewhat inconveniently for Marriott, this was the same year the GDPR came into effect.
What is the GDPR?
The GDPR mandates a “baseline set of standards for companies that handle EU citizens’ data, to better safeguard the processing and movement of citizens’ personal data” and secure documents online. AKA keeping you and your information safe in a world of increasing hack attacks, identity theft and data breaches. Respect+ to the EU.
Great for us as individuals. Perhaps not so great for companies that must now strictly adhere to the General Data Protection Regulation, protecting data and secure documents online to avoid some potentially mammoth penalties. Before this legislation was put in place, the largest potential fine permitted for a cyber security breach was $500,000, though this price tag did not account for other costly repercussions of such data breaches going public, such as:
- Lawsuits
- Identity Protection Precautions
- Additional Staffing
- Additional Training
- Extra Security Systems
- Loss of Business
- Loss of Company Reputation & Brand Damage
So, what exactly is the “true” cost? Though this understandably differs based on the size of the company, impact of the breach and number of individuals/records affected, here are some helpful guidelines, in the form of industry averages:
- The average cost of a data breach is $3.86 million
- The typical cost of lost business after a breach for US organizations adds up to $4.2 million
- A mega breach of 1 million records has an average total cost of $40 million (IBM)
- A mega breach of 50 million records has an average total cost of $350 million (IBM)
These costs will likely go up in coming years, with the ICO starting to flex its legal muscles. It is estimated that “damage related to cybercrime is projected to hit $6 trillion annually by 2021”. [1]