Betting Against the Odds and Neglecting Risk: The True Cost of a Data Breach
When it comes to the cost of a successful data breach, the ensuing ramifications are not limited to monetary loss. A firm’s confidential information, customer trust and overall operations are all at risk of being compromised. To protect their data and systems from cyber-attacks and breaches, it is critical that firms become as secure as possible.
Raising the Bar
Over the past year, we have witnessed more firms strengthening their security measures in an effort to comply with industry regulations as well as the SEC's cybersecurity expectations. Additionally, we've seen an increase in the frequency and sophistication of both data theft and cybercrime. A study by Risk Based Security revealed that within the first nine months of 2014 there were 1,922 data breaches reported and 904 million records exposed. Four of those incidents made the Top Ten All-Time Breach List, and three hacking incidents combined were responsible for nearly sixty percent of the exposed records. Today, most hedge funds are aware of the severe negative effects a security breach can cause; however, gaining this knowledge may have been a tough lesson to learn.
Remember the old saying "no risk, no reward"? While this phrase may work favorably in some cases, there is no margin for gambling when it comes to a firm's information security. Targets vary, and victims range from big merchants and high-end retailers to public figures and ordinary people, but hedge funds remain a high-profile target. A survey by the Ponemon Institute reported that in 2014 the annual average cost of successful cyber-attacks per company in financial services was $20.8 million. Although nothing is foolproof, hedge funds that prepare for the "what if" scenarios have a greater chance of thwarting an attack and minimizing financial loss.
At Eze Castle, we recommend that all hedge funds employ multiple layers of security and have a Business Continuity Plan (BCP) in place to help mitigate risk and reduce the level of impact should a disaster strike. Firms should also ensure information, whether personal or confidential, is protected by internal and external policies. Having the following guidelines and procedures in place will help prevent sensitive and confidential business data from falling into the wrong hands:
Principle of Defense in Depth
Principle of Least Privilege
Secure User Authentication Protocols and Encryption
Mobile Device Policy
Audit and Logging Systems