Some companies take a mitigation approach to cybersecurity whereby they detect intrusions and attacks, then take steps to stop them in their tracks. This approach was acceptable in the past but, in an era when cyberattacks are escalating in volume, frequency and severity, a mitigation approach can be extremely costly.
The costs of a successful cyberattack include the financial losses that occur as a result of not being able to do business, the cost of getting systems cleaned up, and back up and running, and the potential costs associated with lost data. Now, with the Australian government’s mandatory notifiable data breach scheme and Europe’s impending General Data Protection Regulation, the importance of protecting data has grown.
These new pieces of legislation are set to be followed by others around the world. One thing they all have in common is significant fines for failing to prevent a data breach or failing to notify the affected individuals and appropriate government bodies of the breach. This adds a new facet to the cost of cyberattacks.