QUANTIFYING THE COST OF DATA BREACH UNDERSTANDING (AND AVOIDING) - - PowerPoint PPT Presentation

QUANTIFYING THE COST OF DATA BREACH

UNDERSTANDING (AND AVOIDING) FUTURE PITFALLS

Prepared by Castlebridge and TechPolis for Verimatrix

THE TRADITIONAL COSTS OF “DATA BREACH”

Traditional “Data Breach” = “Information Security Breach”



Cisco Security Report 2017



30% reported loss of revenue/turnover of up to 20%



20% lost customers



23% lost business opportunities



49% of respondents reported having to deal with public scrutiny

Source: Cisco 2017 Annual Cyber Security Report http://www.cisco.com/c/dam/m/digital/1198689/Cisco_2017_ACR_PDF.pdf

CONCEPT OF “DATA BREACH” IS EVOLVING

Information Privacy

Information Security

• Keeping it safe
• Controlling Access
• Keeping “bad guys out”
• Why do we have this data?
• What are we using it for?
• Do we have permission/basis for processing

this data this way?

• Do we have too much of this data?
• Are we keeping it too long?
• Where are we storing / sharing it?
• Did we tell our customers this was happening?
• What contractual controls are in place with 3rd

parties?

CONCEPT OF “DATA BREACH” IS EVOLVING

Data Breach Security Privacy Trust Ethics

CASE STUDY: MY (CREEPY) FRIEND KAYLA



Recordings of children and parent voices transmitted securely



Recording stored by vendor



Content of recording analysed (voice prints etc.)



Recordings could be accessed by the manufacturer (what might children tell their doll, what might it over hear?)

PRIVACY ENFORCEMENT A GROWING TREND – SMART TV MAKERS PROSECUTED / SUED

Both these cases relate to how data is OBTAINED and TRANSPARENCY how that is disclosed to individuals

WHO IS WATCHING THE WATCHERS?

Smart TVs VOD Services Device Fingerprinting Multiple devices Service personalisation Viewing recommendations Viewer analytics “Share of Eyeball” Analytics

GROWING CONSUMER AWARENESS (AND CONCERN)

72%

72% of respondents to EU Barometer Survey in April 2016 said they were concerned about the collection of data about them by on-line platforms

56%

56% of respondents to EU Barometer Survey in April 2016 said they were uncomfortable with on-line market places using data about them and their online activities

56%

56% of respondents to EU Barometer Survey in April 2016 said they did not usually read Terms and Conditions in online services

71%

71% of respondents to EU Barometer Flash Survey in April 2016 said it is unacceptable for companies to share information about them without their permission, even if it helps companies provide services they might like

Source: Europa Barometer study 447 and Flash Barometer 443, July 2016

GROWING CONSUMER AWARENESS (AND CONCERN)

Source: Fujitsu Personal Data in the Cloud Survey, 2010

91%

91% of respondents want a system which enables them how to control how their data is used

90%

90% of US consumers want to be asked to give permission for their data to be shared

71%

71% of respondents want governments to impose penalties on

• rganisations that misuse data

83%

83% of respondents want organisations to be clear about what they do with data

INCREASED REGULATORY OVERSIGHT



Globally there is a consistent trend to increased Regulatory oversight of data privacy.



EU rules are considered “gold standard” benchmark target



Many countries (e.g. Japan) are updating their domestic legislation to align better with EU standards



Common core principles emerging Significantly: Penalties and Sanctions are increasing!

TWO AVENUES OF COST: REGULATORS AND LITIGATORS

Vidal-Hall Case:

• Device fingerprinting and cookies, bypassing

browser controls

• No need to show loss – breach of duty of care

under Data Protection Directive / UK DPA Article 79 GDPR makes it EXPLICIT that material losses are not required to sue for breach of Data Privacy rights GDPR – 4% of Global Turnover max penalty Japan – 6 months in prison [Penalties from Regulators vary]

THE OLD “BIG DATA” PARADIGM

Global Data Privacy law trends increasingly require the opposite view to be taken!

BIG DATA IS GROWING UP



Relative Search frequencies for “Data Ethics” and related terms are increasing..



Information management still struggles with defining “Ethics”



With great power comes great responsibility!

Source: Google Trends analysis conducted by Castlebridge

THE EDPS VISION OF THE FUTURE OF DATA ETHICS



Focus on ethical behaviour in information management



“Compliance is the floor, not the ceiling”



EDPS sees Ethical management of information as a source of competitive advantage for organisations into the future

BUILDING THE BUSINESS CASE FOR COMPLIANCE (AND BEYOND)

Failure Costs

• Loss of revenue from customer loss/opportunity loss
• Cost of brand damage and impact
• Short term
• Long term
• Impact on Shareholder value
• Remediation Costs
• Investigation Costs
• Regulatory legal costs
• Regulatory Penalties
• Litigation Costs

Liability Costs Operational Benefits

• Brand differentiation – Competing on Ethics /

Values

• Improved strategic management of Information Assets
• Disaster recovery, M&A activities etc.
• Better responses when incidents/issues do arise
• Help drive internal efficiencies through better data

management (not JUST security)

• 10-25% of turnover consumed by poor data quality –

Data Protection compliance requires you to look at that! Strategic Benefits

WHO IS WATCHING THE WATCHERS?

Castlebridge www.Castlebridge.ie |@cbridgeinfo TechPolis www.techpolis.com