The Cost of a Data Breach by Alex Igel Proteus Cyber.
A 2020 global study by the Ponemon Institute notes that the average total cost of a data breach declined slightly in this year’s report, from $3.92 million last year to $3.86 million this year, which may lead some to believe that data breach costs have plateaued. This is certainly not the case. Not only are the chances of material breaches increasing; the costs of handling regulators’ investigations and fines are also spiralling upwards.
Damage to shareholder value.
So significant is the risk to organisations of poor information security management that it is certain to form part of any due diligence. For organisations looking for funding, mergers or acquisitions, it is worth considering what a breach, or indeed a regulatory investigation, might do to your negotiations. We only need to look at the negative effect a major breach had on the Yahoo / Verizon deal for evidence of this. Meeting an independently certified information security management standard such as ISO 27001 validates your security credentials for all stakeholders.
It is important to bear the above in mind. That said, a robust data privacy platform should put all the checks and balances in place to mitigate the risk of these unfortunate events happening. In the event of a data leak, the platform should ensure that the event is flagged and reported rapidly, in the most granular detail, within minutes.
Whilst the above are important drivers in any business case for Data Privacy, procurement costs also need to be considered.
Clients have commented that the modular pricing they were presented with initially looked cheaper, but as they subsequently added modules, the through-life costs were appreciably more expensive.
Our approach is to offer one clear and transparent price, which includes hosting, support and upgrades with unlimited users.
In addition, there are significant cost savings, as Proteus provides a tightly integrated set of data privacy features that allow different business functions to work from the same data set but still focus on their own dedicated areas. Significant costs can be incurred when systems developed by different companies are not well integrated and do not work in a cohesive manner.
For example:
- Legal can access the data register to ascertain who, where and what data is shared with 3rd parties and automatically use this data within the ‘Schrems II contract builder’ to create legally defensible contracts and appropriate intra- and extra-company agreements, without constantly having to consult with the IT function.
- The automated workflow functions available to the data privacy team, with pre-populated surveys in subsequent years, can deliver significant cost savings and, more importantly, do not unnecessarily distract staff from their normal day-to-day duties.
- Using a top-down approach to map your data to the business processes the company uses, and then sampling the data with cheaper tools than traditional ‘data discovery’ agents, can deliver significant cost savings. We believe this approach puts the data into context in a more coherent way. For example, data discovery tools can typically provide you with a sea of data; however, you then need to spend significant time and additional cost mapping and understanding which business process uses that data and who it is shared with. In addition, you need to purchase agents for every platform, which increases these costs again appreciably. It is far easier to identify the owners of the business processes, who know what personal data they use, than to identify thousands or tens of thousands of data items that you then need to map back to the business processes.
- Off-the-shelf DSAR functionality. Our software can create local-language DSAR interfaces for an infinite number of brands with a few clicks and then manage these through one interface. Each group can manage its own DSARs locally; however, they are all visible to a group DPO.
- Should the number of DSARs increase to an unmanageable level, Proteus can be configured to call an API which collects the data on a data subject automatically, making the response to DSARs significantly cheaper and faster. NB: this is an optional module which you can take when the volumes justify the investment. Proteus supports your upgrade path as your data privacy programme matures.
From a business perspective, the benefits that we offer include:
- One Groupwide Worldwide Licence
- The very high level of customer-enabled configuration in our platform results in a lower professional service spend with Proteus. We typically expect a client to spend 12.5-25% of the licence charge with us on professional services, such as training and implementation, in the first year, with such a spend in subsequent years being exceptional. We are aware that some of our competitors charge 50-150% of licence costs in year one and have a significant on-going professional services overhead.
Once implemented we include reasonable ‘advice and guidance’ as part of the SaaS licence. We include this in our services whereas our competitors generally charge for all services.
Have a look at an example below from our breach model calculator.
Example healthcare breach model
For more information or to arrange a demonstration contact us here
Published 13 July 2021
Last Modified 13 July 2021