Hacked companies are losing the trust of consumers, and it’s adding steeply to the cost of cyberattacks.
According to the non-profit tech think tank Internet Society’s 2016 Global Internet Report, 59 percent of internet users said they were unlikely to engage in a business transaction with a company that had suffered a data breach.
The Wednesday report comes a few short months after Yahoo disclosed a year-old hack that compromised personal data, including email login information, for more than 500 million users. That’s the largest successful breach of personal information ever, and one that is reportedly already making Verizon reconsider how much it’s willing to pay to buy out the web giant.
Findings in the report come during the season of some of the most damaging high-profile hacks in recent years at retailer Target and Sony Pictures Entertainment, both of which cost the companies tens of millions.
Despite the rising frequency and cost of such attacks, too many organizations still aren’t doing enough to mitigate their risk, according to economist and society fellow Michael Kende.
“One of the key questions raised by this report is why are organizations doing so little to protect their customers’ data?” Kende, one of the report’s authors, said in a statement. “Everyone knows that data security is a major issue for both consumers and businesses, yet companies are not doing everything they could to prevent breaches.”
A failure to implement basic cybersecurity best practices like cloud data storage and end-to-end encryption are making those costs go up unnecessarily, especially since the vast majority of breaches — 93 percent — are preventable according to the Online Trust Alliance, another tech non-profit.
“This status-quo isn’t good enough anymore. As more and more of our lives migrate online, the cost and risk of a data breach is greatly increased, and will lead to lost revenues and a lack of trust,” Kende said. “And steps to mitigate the cost of breaches that do occur are not taken.”
The average cost of those breaches have gone up 29 percent since 2013 to $4 million, with 1,673 breaches exposing 707 million records in 2015 alone. The average cost per lost record rose 15 percent to $158 over the same period of time. Retailers should note during the most profitable quarter of the year that 13 percent of all breaches and six percent of all records are stolen from their sector. The second highest percent of breaches — 15 percent — are suffered by financial institutions, but lose only a fraction of the records at 0.1 percent.
In a nod to the recent distributed denial of service attack that brought down domain servicer Dyn and large portions of the internet with poorly secured internet of things (IoT) devices, the report highlighted why IoT is a major future area of concern.
Many of the growing number of seemingly innocuous internet-connected devices like smart thermostats, webcams and DVRs are under-secured, despite the sensitive information they transmit like location and health.
Olaf Kolkman, the society’s chief technology officer, said attacks on internet infrastructure “are incredibly damaging both in terms of profits and reputation, but also to the levels of trust users have in the internet.”
“With more of the devices in our pockets now having Internet connectivity, the opportunities for us to lose personal data is extremely high,” Kolkman said. “In a day and age where having a positive online presence really is a case of sink or swim for businesses, gambling with online security isn’t an option.”
In their suggestions, the society largely advocated imposing stricter standards and transparency in security policy and holding companies accountable for breaches — something a growing number of lawmakers in Congress are increasingly advocating in the wake of the Yahoo breach.