Another massive data breach hit the newswires this week as Yahoo! confirmed that over 500 million Yahoo accounts were hacked.
Such hacks seem to happen on a weekly basis now, which raises the question: why do these multi-billion companies keep getting compromised?
The hard truth is that it’s actually not in a company’s financial interest to remain secure, reports The Register.
“A study by the RAND Corporation, published in the Journal of Cybersecurity, looked at the frequency and cost of IT security failures in US businesses and found that the cost of a break-in is much lower than thought – typically around $200,000 per case.”
“With top-shelf security systems costing a lot more than that, not beefing up security looks in some ways like a smart business decision.”
Factor in the almost impossible task of quantifying reputational damage and you have a dangerous combination.
After analysing 12,000 incident reports, the study found that the cost of such incidents typically accounts for only 0.4% of a company’s annual revenues.
“That compares to billing fraud, which averages at 5 per cent, or retail shrinkage (ie, shoplifting and insider theft), which accounts for 1.3 per cent of revenues.”