The Ponemon Institute and Symantec released a report earlier this year, 2013 Cost of Data Breach Study: Global Analysis, which found that the most heavily regulated industries had the highest data breach costs. The healthcare industry, for example, had a per capita cost that was 71 percent higher than the overall mean cost. Pharmaceuticals, also within the healthcare industry, came in third for highest data breach costs at 52 percent higher than the average.
The per capita cost was found by dividing the total cost of a data breach by the size of the data breach, determined by the number of lost or stolen records. Part of the reason for the healthcare industry’s high cost of a data breach is the federally mandated healthcare data laws, HIPAA and HITECH, which require notification not only of affected individuals, but also of the media and the Dept. of Health & Human Services.
Investigations of breaches involving protected health information can be extensive, and remediation (conducting risk assessments, implementing technical and physical security safeguards, installing new hardware and software, etc.) can be intensive in both personnel and capital costs.
The financial industry is second to healthcare when it comes to high data breach costs, coming in at 58 percent higher than the average. The nature of the data handled by the financial industry is highly sensitive – particularly for anyone handling credit cardholder data. PCI DSS regulates data security and requires merchants and vendors to be regularly audited by a QSA (Qualified Security Assessor) to ensure data is protected along its entire lifecycle – from collection to processing to storage.
The challenge of ensuring data is protected while in transit and at rest can be addressed with built-in encryption, VPNs (Virtual Private Networks), SSL certificates and two-factor authentication for VPN access. Within the healthcare industry, the breach notification law doesn’t require notification as long as the data is encrypted.
Learn more about encryption of data at rest and in transit on our Defense in Depth page.
The increased cyber threats of hackers and data theft present a strong case for employing encryption and infrastructure that both secure data and deliver strong computing performance for optimal data availability and reliability. In this white paper, different types of encryption will be discussed, including using encryption in the cloud.
Although encryption is not a silver bullet for data or system security, it is one key tool that can be accompanied by a full arsenal of security services for a layered-defense approach to ensuring data is protected, even if accessed by unauthorized individuals. Additional security options to add to your IT solution will be covered.
Download our latest white paper, Encryption of Cloud Data.
2013 Cost of a Data Breach Study: Global Analysis (PDF)