Webinar: Business Impact of a Breach...And What You Can Do About It

BUSINESS IMPACT OF A BREACH… AND WHAT YOU CAN DO ABOUT IT

S R . A N A LY S T, F O R R E S T E R

GUEST SPEAKER:

HEIDI SHEY

3© 2 0 1 7 FORRES TER. RE P ROD U C TI ON P ROH I B I T ED.

>>Click here to Watch this Webinar On Demand Now<<

https://info.flexerasoftware.com/SLO-WBNR-SAM-SVM-Business-Impact-Breach

4© 2017 FORRESTER. REPRODUCTION PROHIBITED.

- NPR, September 26, 2017


- eSecurity Planet, April 10, 2015




- Reuters, June 23, 2017




- Reuters, June 23, 2017


- DarkReading, July 25, 2017


› Image of complicated math


$1.6M settlement. Much of the

settlement goes to insurance. Consumers take

home only $400K; $1.2M goes to lawyers fees.

$115M settlement. 2 years of credit

monitoring for all people affected, or up to $50

cash to affected people who are already enrolled

$5.5M paid to 31 states. Settlement required updates to its security

practices, disclosure of data collection practices.


Response and notification

Estimated cost range

Customer-facing breach

notification and response

$5-$10 per individual generally, but ranges

from $1-$40

Incident response and

investigation

$20K-$10M or more; hourly rates range from

$250-$550

Public relations crisis

management servicesHourly rates range from $200-$500


Lost employee productivity and turnover


Cost of new CISO, CPO or

security hire

Example CISO salary ranges: EU, €200K to

€1 million (£171K to £853K). US, $223K

(median) to $420K+

CPO salaries: median salary of $171,000

globally and $191,000 in the US

Cost of employee turnoverPer employee, estimate 21% of annual

salary in total

Recruiting services for hiring

CISO, CPO, security staff

Placement fees can run anywhere from 20%

to as high as 50% (for a senior exec or hard

to fill role) of a new hire’s annual salary


Lawsuits and settlements; regulatory fines+response


Legal fees/third-party breach

counsel

Rates can range from $380 to $1,200 per

hour

Legal settlementsHighly variable: from a few thousands to

hundreds of millions of dollars.

Regulatory fines $0 to a % of annual revenue


Additional audit requirements; other liabilities


Remediation cost of additional

security requirementsHighly variable: $0 to X millions

Cost of an independent third-

party security audit$10,000 to $120,000 or more

Other liabilities

Highly variable (e.g., discounts, gift cards,

reduced acquisition cost, renegotiated

deals, etc.)


What decreases or increases the cost of a breach?





Cyber insurance

Incident response planning

Breach notification services

Encryption



Cyber insurance

Incident response planning

Breach notification services

Encryption

New audit requirements

Need for new technology

Noncompliance with regulation

Lack of transparency with customers


Data is the gift that keeps on giving…

Firm Data

Business intelligence

Customer intelligence

Customer experience

Innovation


Data is the gift that keeps on giving…to everyone

Business intelligence

Customer intelligence

Customer experience

Innovation

Firm Data Criminal

Ransom

Blackmail

Fraud/ID theft

Resale


Costs


Value

Data

Relationships

Reputation

Morale


Q2 2016 sales were down

26% from Q2 2015 sales

Breach-related costs of

$87.5 million and Q4 2017

profit losses of 27% YoY

Reputational damage has top line consequences


Top causes of external attacks in 2017


ResponsePrevention

Detection

Response

FORRESTER.COM

Thank you© 2017 FORRESTER. REPRODUCTION PROHIBITED.

Heidi Shey

+1 617-613-6076

[email protected]

“PREVENTION IS BETTER THAN CURE”

- Desiderius Erasmus



Prevention is the Foundation of Security

PREVENTION:

Reduce the Risk of a Breach

Prevention

Detection

ResponseYou’ve Been

Breached!

Pre-Breach

26

2 Key Prevention Strategies

1. Reduce the “Attack Surface” – SAM Teams

2. Close the “Risk Window” –

Security and Operations Teams

27

© 2017 Flexera | Company Confidential

REDUCE THE ATTACK SURFACE

• Rationalize and Consolidate the Software Portfolio

• Remove or Upgrade End of Life Software

• Eliminate Unauthorized Software

© 2017 Flexera | Company Confidential 28


D I S C L O S U R E T O

A W A R E N E S S

A W A R E N E S S T O

R E M E D I A T I O N

Close the Risk Window – with Software Vulnerability Management

29

DAYS186

DISCLOSURE AWARENESS REMEDIATION

D

99%Exploit known

vulnerabilities

30Days to first

exploitation


VULNERABILITYINTELLIGENCE

TIME TO AWARENESS GAP

C L O S E T H E R I S K W I N D O W …

30


VULNERABILITY ASSESSMENT & PATCHING

AWARENESS REMEDIATION GAP

C L O S E T H E R I S K W I N D O W …

31


WE’RE REIMAGINING THE WAY SOFTWARE IS

BOUGHTSOLDMANAGEDSECURED

32



Q & A

READ THE FORRESTER REPORT: CALCULATE THE BUSINESS IMPACT AND COST OF A BREACH

AVAILABLE ON OUR WEBSITE – HTTPS://INFO.FLEXERASOFTWARE.COM/SLO-WP-CALCULATE-IMPACT-DATA-BREACH-COST

33

https://info.flexerasoftware.com/SLO-WP-Calculate-Impact-Data-Breach-Cost


THANKS FORATTENDING!

[email protected]

www.flexera.com/Enterprise

34


mailto:[email protected]

http://www.flexera.com/Enterprise
