Losses from security breaches becoming significant for

Transcription

1 Page 1 of 8 Search ZDNet Log In Join ZDNet White Papers Hot Topics Downloads Reviews Newsletters US Edition ZDNet.com is available in the following editions: Asia Australia Europe United Kingdom United States ZDNet around the globe: ZDNet Benelux ZDNet China ZDNet France ZDNet Germany ZDNet Korea ZDNet Japan ZDNet Netherlands Topics Windows 8 Big Data Social Enterprise Cloud Networking Tablets Techlines 2013 All Writers Log In Log In Join ZDNet Losses from security breaches becoming significant for firms Summary: Damages incurred from cyber breaches increasingly material especially with impact from reputational costs, note security observers who say risk assessment differs between companies and industries. By Ellyne Phneah June 11, :19 GMT (03:19 PDT)

2 Page 2 of 8 Cybersecurity breach losses are becoming a significant component of companies' accounting records with implications from intangible costs such as reputational damage, security watchers observe, who say IT risk assessment in cyber insurance can differ due to company size and industry type. Most security breaches will result in additional costs for impacted organizations, Jimmy Sng, partner of IT Risk Consulting at PwC said. These costs range from breach containment, crisis management, investigations and forensics, customer compensation, damaged system replacements, lawsuits and other penalties, he explained. Looking back at security breaches over the past few years, Sng said these additional costs and losses have become "material" and significant to the company, and the impact of such incidents are on the rise. He added it is difficult to estimate the cost of each cybersecurity breach which can range greatly, noting that larger cybersecurity incidents in the past had resulted in millions of breached data records. He pointed to Sony PlayStation Network breach last year ( which cost Sony up to US$171 million in damages. According to Lyon Poh, management consulting partner at KPMG Singapore, cybersecurity costs can be broken into two categories: recovery costs and financial damages resulting from contractual breaches or compliance violations; and reputational losses ( affecting future business opportunities. In the event of a cybersecurity breach, Poh noted that unexpected costs will also be incurred when the affected companies investigate and recover from the incident, as well as implement additional safeguards to prevent similar occurrences. However, such costs are quantifiable, he said, unlike loss of reputation which is unquantifiable and may lead to further losses. "Loss of reputation is not easily quantifiable and is likely to erode future business opportunities and, in extreme cases, lead to failure," he warned. Higher risks for some companies, industries In assessing the risk of a cyber breach for insurance purposes, Ian Pollard, vice president of Chartis Asia-Pacific, said risks differed between organizations as larger corporations and certain industry segments would need to deal with different cyberthreats compared to small and midsize businesses (SMBs). For instance, a bank is more susceptible to cybercrimes due to the high volume of sensitive information exchanged during daily transactions, he explained. Pollard said: "The risk portfolios of companies are defined through underwriting, security risk assessments, the mapping out of cyberattack possibilities which could result in earning losses, intellectual property infringement, defamation, privacy invasion and cyber extortion." He noted an increased uptake in cyber insurance ( htm) over the last three years because more companies now conduct their transactions over the Internet, and cloud computing has evolved to become more mainstream in the enterprise IT environment. New tech calls for robust cybersecurity strategy Poh agreed, adding that organizations now need to integrate the Internet into their business strategy and, hence, are more susceptible to breaches, he said. This has become the new "business norm" and enterprises must learn to respond to emerging risks that come with increasing cyberspace activities, he noted. Companies must assess the pervasiveness of cybersecurity risks in their business model, and develop an information security governance strategy to manage such risks as well as reduce the impact on their businesses in the event of a breach, Poh advised. They should implement security measures such as surveillance and redundancy planning in their cyberspace business strategy to allow for the early detection of breaches and minimize service disruptions, he said.

3 Page 3 of 8 A computer emergency readiness team (CERT) should also be established to respond and recover from breaches in a timely manner, and security and vulnerability assessments should be carried out periodically to evaluate the effectiveness and relevance of existing security measures, he added. "[As such], companies should see information security as a strategy to protect business values and not simply [regard it] as a business cost," Poh surmised. Topics: Networking, CIO, Data Management, Security, IT Employment About Ellyne Phneah Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror that exists in the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues. Elly enjoys growing her already-huge wardrobe, photography, the performing arts and planning her travel escapades. She dreams of leaving her footprints all over the world. Contact Kick off your day with ZDNet's daily newsletter. It's the freshest tech news and opinion, served hot. Get it. Related Stories University launches degree to train future cybersecurity combatants ZDNet Security officer sees rapid detection and containment as new best IT security postures for enterprises ZDNet What s Your Android Distribution Strategy?

4 Page 4 of 8 digitalinnovationgazette Investing in Green Energy Through Big Oil Investment Contrarians about these links Talkback 0 comments Log in or register to start the discussion LogMeIn Sponsored Resources

5 Page 5 of 8 Related Stories Enterprise adoption of big data still 'embryonic' '10 years' before Asia's biz security catches up to US Conficker remains biggest threat to enterprises Security 'greatest focus' as mobile tech prevalence grows The best of ZDNet, delivered ZDNet Newsletters Get the best of ZDNet delivered straight to your inbox Enter your address ZDNet Must Read News Alerts - US: Major news is breaking. Are you ready? This newsletter has only the most important tech news nothing else. Subscribe Now

6 Page 6 of 8 Sponsored Links Optimize Stress Testing Insights & Tools For Stress Testing Excellence. From Moody's Analytics. GRC in a BYOD environment Learn the 4 reasons to adjust your endpoint GRC strategy. Free report! Absolute.com Facebook Activity Events Calendar White Papers, Webcasts, & Resources Edison Group Paper: IBM PowerVM Virtualization Technology on IBM POWER7 Systems If you're looking to build a technical case for POWER7, then don't miss this whitepaper. Read on for benchmark results showing greater VM consolidation ratios and increased performance lead with PowerVM virtualization technologies. Esri Maps Out Large-Scale Growth with SAP and IBM Take a look at this white paper to learn how Esri, a software company, was able to move from 16 servers down to two, while improving performance and storage in the process.

7 Losses from security breaches becoming significant for firms ZDNet Forrester Seven Top Integration Trends for 2011 to 2012 Page 7 of 8 Take a look at this white paper to see Forrester Research's top integration trends for 2011 and It's a new direction for business. Featured Articles Apple Store loses 1m of kit in Paris raid Ubuntu Linux enters the smartphone wars Lenovo ThinkPad S230u Twist review

8 Losses from security breaches becoming significant for firms ZDNet Are tablets driving e-readers to extinction? Around ZDNet Page 8 of 8 Topics Broadband Speed Test Events Calendar Meet the Team About ZDNet Site Map Services Log In Join ZDNet Membership Newsletters RSS Feeds ZDNet Mobile Site Assistance 2013 CBS Interactive. All rights reserved. Privacy Policy Cookies Ad Choice Terms of Use Visit other CBS Interactive sites Select Site