August 06, 2015

Data Breach Costs: 7 Myths About Data Breaches Everyone Needs to Know

Misinformation about data breaches may be confusing consumers and businesses about their responsibility to protect confidential information.

Here are 7 common myths about data breaches – and the data breach facts.

Myth #1: Some organizations don’t possess confidential information. 

Any organization with employees, business contacts and customers creates or collects sensitive data that information thieves want. Privacy laws and legislation require companies to protect this information.

Myth #2: Hackers only target large retailers.

The large retailer breaches get all the headlines, but smaller businesses are targeted too. A recent blog cited a 2013 Ponemon survey that showed 55% of small businesses in the U.S. had experienced a data breach.

Myth #3: If a retailer experiences a breach, only the retailer suffers.

Everyone in the transaction-processing system can be affected. For example, a 2014 Stax survey showed that nearly half of consumers blamed the retailer and the bank after a consumer data breach. Plus, 43% stopped using a particular payment account after the breach.

Myth #4: Retail data breach costs are the highest. 

Healthcare data breaches are actually the most expensive, according to the 2015 Cost of Data Breach Study: Global Analysis. The average cost of a healthcare breach is $363 per compromised record compared to $154 across all industries. At the same time, retail's average cost is $165 (although that’s a significant increase compared to $105 last year).

Identity Theft Resource Center data showed that 42% of U.S. breaches in 2014 occurred in the health care sector. That statistic is 10% higher than all business-category breaches.

Myth #5: Companies are doing everything they can to protect confidential information.

The Global State of Information Security Survey 2015 showed that information security spending is not keeping up with increases in security incidents. Investments in information security budgets declined 4% in 2014 compared to 2013. Small businesses in particular are at risk. The Shred-it 2015 Security Tracker showed they are much less likely than larger organizations to have a cyber-security policy.

Myth #6: Technology is the best protection against data breaches.

Anti-virus software, encryption, firewalls, etc., are critical but “we cannot fix this with technology alone,” said Arun Vishwanath, an online security and cyber behavior expert, in a University of Buffalo post.

“It is people who are letting these guys in.”

Attacks often start with emails containing malware in hyperlinks and attachments. When the link or attachment is opened, the hacker gets in. Security awareness training should include how to spot suspicious scams.

Myth #7: Data breaches involve digital information only.

Non-digital breaches are still a problem, according to a recent Journal of the American Medical Association (JAMA) study. Paper breaches accounted for 9% of compromised records in the first half of 2014 and 31% in the second half – in total, over 250,000 paper records and pieces of identifiable health information. Physical safeguards such as visitor sign-in, a Shred-all Policy, and a Clean Desk Policy are most important.

Find out why hard drive and e-media destruction is the only 100% secure way to permanently destroy confidential digital data and learn more about how Shred-it can protect your electronic data.