The Importance of Cybersecurity
Did you know that the global average cost of a data breach is $3.86 million? Or, that the average cost incurred for each record of lost or stolen sensitive and confidential information has increased by almost five (5) percent since 2017? A recent study found that breaches are only getting bigger; and I think we have the evolving sophisticated cyber threats that continue to surface.
The threat landscape is continuously evolving and its path of destruction has echoed across news headlines. Examples of infamous attacks include a couple of retailers in 2018 such as Macy's, Saks, Lord and Taylor and more, WannaCry from 2017, and many, many more! Cybersecurity serves as the shield to a firm’s sensitive data and systems, helping to protect business critical information from potential breaches and attacks. In other words, stringent security measures are the antidotes to cyber threats. As cybercrime grows in sophistication and frequency, it is critical that hedge fund security measures and education concurrently advance and fortify.
Approaches to security will fluctuate firm to firm, but we recommend employing a multifaceted security plan that includes, but is not limited to, the following facets:
Written Information Security Plans (WISP) - Safeguards sensitive information and periodically assesses a firm’s mechanisms to thwart threats
Technical Safeguards and Policies- For example, Access Control – Utilizing the Principle of Least Privilege and Advanced Password Policies
Third-Party Risk Assessment
Cyber-Incident Response Team (CIRT)- Ensures immediate action is taken in the aftermath of a security event.
What impact does cybersecurity have on data breaches?
The previously mentioned study found that effective BCP planning can help alleviate both the mean time to identify a breach. Additionally, BCP involvement reduces the per capita cost of a data breach. Aside from monetary impact, most companies experience negative opportunity costs subsequent to an attack, which derive from damaged reputations and weakened trust of current and prospective clients.
Other factors found to significantly lower the ensuing costs of a successful attack are existing incident response teams, employee training and extensive utilization of encryption. Proactive firms with strong cybersecurity measures in place reduce the opportunity for an attack, as well as, the severity of impact should an incident occur. The reality is we must grapple with cybersecurity and focus on implementing an all-encompassing strategy to prevent, detect and respond to incidents.
Additional relevant resources: