BUSINESS IMPACT OF A BREACH… AND WHAT YOU CAN DO ABOUT IT
GUEST SPEAKER: HEIDI SHEY, SR. ANALYST, FORRESTER
© 2017 FORRESTER. REPRODUCTION PROHIBITED.
- eSecurity Planet, April 10, 2015
- Reuters, June 23, 2017
- NPR, September 26, 2017
- DarkReading, July 25, 2017
› Image of complicated math
$1.6M settlement. Much of the settlement goes to insurance. Consumers take home only $400K; $1.2M goes to lawyers' fees.
$115M settlement. 2 years of credit monitoring for all people affected, or up to $50 cash to affected people who are already enrolled
$5.5M paid to 31 states. Settlement required updates to its security practices, disclosure of data collection practices.
Response and notification | Estimated cost range
Customer-facing breach notification and response | $5-$10 per individual generally, but ranges from $1-$40
Incident response and investigation | $20K-$10M or more; hourly rates range from $250-$550
Public relations crisis management services | Hourly rates range from $200-$500
Lost employee productivity and turnover | Estimated cost range
Cost of new CISO, CPO or security hire | Example CISO salary ranges: EU, €200K to €1 million (£171K to £853K). US, $223K (median) to $420K+. CPO salaries: median salary of $171,000 globally and $191,000 in the US
Cost of employee turnover | Per employee, estimate 21% of annual salary in total
Recruiting services for hiring CISO, CPO, security staff | Placement fees can run anywhere from 20% to as high as 50% (for a senior exec or hard to fill role) of a new hire’s annual salary
Lawsuits and settlements; regulatory fines+response | Estimated cost range
Legal fees/third-party breach counsel | Rates can range from $380 to $1,200 per hour
Legal settlements | Highly variable: from a few thousand to hundreds of millions of dollars.
Regulatory fines | $0 to a % of annual revenue
Additional audit requirements; other liabilities | Estimated cost range
Remediation cost of additional security requirements | Highly variable: $0 to X millions
Cost of an independent third-party security audit | $10,000 to $120,000 or more
Other liabilities | Highly variable (e.g., discounts, gift cards, reduced acquisition cost, renegotiated deals, etc.)
What decreases or increases the cost of a breach?
Cyber insurance
Incident response planning
Breach notification services
Encryption
New audit requirements
Need for new technology
Noncompliance with regulation
Lack of transparency with customers
Data is the gift that keeps on giving…
Firm Data
Business intelligence
Customer intelligence
Customer experience
Innovation
Data is the gift that keeps on giving…to everyone
Firm: Business intelligence, Customer intelligence, Customer experience, Innovation
Data
Criminal: Ransom, Blackmail, Fraud/ID theft, Resale
Costs
Value
Data
Relationships
Reputation
Morale
Reputational damage has top line consequences
Q2 2016 sales were down 26% from Q2 2015 sales
Breach-related costs of $87.5 million and Q4 2017 profit losses of 27% YoY
Top causes of external attacks in 2017
Response
Prevention
Detection
Response
FORRESTER.COM
Thank you
Heidi Shey
+1 617-613-6076
“PREVENTION IS BETTER THAN CURE”
- Desiderius Erasmus
Prevention is the Foundation of Security
PREVENTION:
Reduce the Risk of a Breach
Prevention
Detection
Response
You’ve Been Breached!
Pre-Breach
2 Key Prevention Strategies
1. Reduce the “Attack Surface” – SAM Teams
2. Close the “Risk Window” – Security and Operations Teams
© 2017 Flexera | Company Confidential
REDUCE THE ATTACK SURFACE
• Rationalize and Consolidate the Software Portfolio
• Remove or Upgrade End of Life Software
• Eliminate Unauthorized Software
Close the Risk Window – with Software Vulnerability Management
DISCLOSURE AWARENESS REMEDIATION
DISCLOSURE TO AWARENESS
AWARENESS TO REMEDIATION
186 DAYS
99%: Exploit known vulnerabilities
30: Days to first exploitation
CLOSE THE RISK WINDOW…
VULNERABILITY INTELLIGENCE
TIME TO AWARENESS GAP
CLOSE THE RISK WINDOW…
VULNERABILITY ASSESSMENT & PATCHING
AWARENESS REMEDIATION GAP
WE’RE REIMAGINING THE WAY SOFTWARE IS BOUGHT, SOLD, MANAGED, SECURED
Q & A
READ THE FORRESTER REPORT: CALCULATE THE BUSINESS IMPACT AND COST OF A BREACH
AVAILABLE ON OUR WEBSITE – HTTPS://INFO.FLEXERASOFTWARE.COM/SLO-WP-CALCULATE-IMPACT-DATA-BREACH-COST
THANKS FOR ATTENDING!
www.flexera.com/Enterprise