Spending on IT security has been increasing every year. Even so, data leaks are increasing in frequency, size, and impact. Clearly, the money spent on IT security is not producing a valuable return on investment. In fact, the more you're spending on IT security, the worse the problems grow. Why is that? Only about a third of data breaches are ever noticed by IT security professionals. And it takes them an average of more than 200 days to notice anything has happened. More importantly, the whole notion of them noticing a breach and responding to it is dealing with a problem which has already occurred. Why wait for the problem to occur? Why not prevent the problem from occurring? That's where RED-data comes in.
Sources:
"The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million. This represents a 2.3% increase from the 2022 cost of USD 4.35 million. Taking a long-term view, the average cost has increased 15.3% from USD 3.86 million in the 2020 report."
"In 2022, it took organizations 207 days to identify a breach. In 2023, it took only 204 days."
"The majority (57%) of respondents indicated that data breaches led to an increase in the pricing of their business offerings, passing on costs to consumers. This finding is similar to our 2022 report, where 60% of respondents said they increased prices."
"Of all record types, customer and employee personal identifiable information (PII) was the costliest to have compromised. In 2023, customer PII such as names and Social Security numbers cost organizations USD 183 per record, with employee PII close behind at USD 181 per record. The least expensive record type to have compromised is anonymized customer data, which cost organizations USD 138 per record in 2023."
"40% of breaches were identified by a benign third party or outsider, whereas 33% of breaches were identified by internal teams and tools. Over one-quarter or 27% of breaches were disclosed by the attacker as part of a ransomware attack."
Can your organisation afford to wait 200 days for some beneficent outsider, or a ransomer, to inform you that you've had a data leak?
The money you're spending on IT Security staff to detect and remediate these problems is not preventing the problems. You have the option of preventing the problem. It's up to you to make that choice, on behalf of all the innocent people whose personal information you hold.
