In recent security news, the talk of data breaches is causing nervous jitters among IT professionals. With loads of data being generated and shared through every aspect of business operations, it’s important to defend company infrastructure from all angles against global threats and, even more so, from the hard-hitting costs that data breaches can cause.
What is a Data Breach?
Techopedia defines a data breach as “an incident that involves the unauthorized or illegal viewing, access or retrieval of data by an individual, application or service.” It is a break in security that is designed to steal or distribute private data to an untrusted source or environment. However, a breach is not limited to cyberspace, it can also occur with the theft of a laptop or a flash drive holding confidential and private information.
What are the consequences?
Not only does a data breach put your business at risk of having private information stolen or exposed, it also comes with the compliance of statutory liability. Once a data breach has been detected, notification obligations are required in almost every state by:
- Federal banking regulations
- Internal Revenue Service (IRS)
- Federal Trade Commission (FTC)
The HIPAA Breach Notification Rule “requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.”
After a breach has been discovered, covered entities must provide notification of the breach to the Secretary of Health and Human Services, affected individuals and, in certain circumstances, to the media. If the breach occurs as a result of a business associate’s actions, then that associate must notify covered entities. Notification requirements vary by the number of individuals affected and each approach to notification is different.
- Individual Notice - covered entities must notify affected individuals following the discovery of a breach, must be provided by first-class mail or by email within 60 days after breach is discovered.
- Media Notice - covered entities that detect a breach affecting more than 500 residents of the state or jurisdiction, must provide notice to media within 60 days after the breach is discovered.
- Notice to the Secretary of HHS - in addition to notifying affected individuals and the media, covered entities must also provide notice to the Secretary of data breaches by filling out a breach report form.
- Notification by a Business Associate - If the breach occurs at or by a business associate, they must notify the covered entity no later than 60 days after detecting the breach.
Costs of a data breach
Whether notifying customers, agencies, or government officials, notification requirements can become costly. A data breach also exposes organizations enforcement actions, regulatory fines, and private causes of action.
Did you know that the average, consolidated cost of a data breach is $3.8 million? In fact, the average cost of each lost or stolen record containing confidential information increased from $145 in 2014 to $154 in 2015.
The IBM study over the Cost of Data Breach, points out two factors that directly affected the financial consequences of a data breach:
- Executive involvement in their organization’s IT security strategy and response to data breaches.
- The purchase of cyber insurance to lessen the cost of a data breach.
Fill in your security gaps with Centre Technologies
Ever thought about the risk your organization faces in the event of a data breach? Don’t let your organization become vulnerable to a data breach disaster. Adopt key security measures with best-of-breed technology from an IT solutions provider that you can trust.
Let Centre Technologies be your guide. Contact us today.