SURVEY | Disclosing a breach timeously leads to less financial loss


Yana Shevchenko | Senior Product Marketing Manager | Kaspersky Lab | mail me

There is a correlation between the way a data breach is disclosed and the total financial losses an organisation experiences following a cybersecurity incident.

According to our new report, ‘How businesses can minimise the cost of a data breach’, enterprises in the Middle East, Turkey and Africa (META) that decide to voluntarily inform their stakeholders and the public about a breach, on average, are likely to lose 38% less than their peers that saw the incident leaked to the media. The same tendency has also been found to be the case in SMBs.

Reporting a data breach in a timely manner

Failure to suitably inform the public about a data breach in a timely manner can make the financial and reputational consequences of a data breach more severe.

Some high-profile cases include Yahoo!, who was fined and criticised for not notifying their investors about the data breach it experienced, and Uber’s fine for covering up an incident.

Our report, based on a global survey of more than 5,200 IT and cybersecurity practitioners, shows that organisations that take ownership of the situation usually mitigate the damage.

Costs for enterprises that disclose a breach are estimated at $983,000 in META region, while their peers that had an incident leaked to the media suffered $1.579 million in damage.

The same is the case for SMB that operate in the Middle East, Turkey and Africa: those that voluntarily inform their audiences about a breach experienced less financial damage (19%) than those whose incidents were leaked to the press – $105,000 compared to $130,000.

Half (53%) of businesses in META that have experienced a data breach went on to proactively, and voluntarily, disclose the incident, whilst a quarter (26%) had their leak exposed to the media. Meanwhile, 21% of organisations that had experienced a breach did not disclose it at all.

Immediately detecting an attack

Although minimal losses were reported by enterprises that managed not to disclose the incident, this approach is far from ideal. Such companies are at risk of losing even more if, or more likely when a cybersecurity incident is revealed to the public against their intentions.

The survey further proved that risks are especially high for those companies that couldn’t immediately detect an attack.

29% of SMBs that take over a week to discover a breach will see it exposed in the press, compared to none if the breach is detected almost immediately.

Proactive disclosure can help turn things around in a company’s favour – and it goes beyond just the financial impact. If customers know what happened first-hand, they are likelier to maintain their trust in the brand.

Also, the company can give its clients recommendations on what to do next so that they can keep their assets protected.

Reducing the consequences of a data breach

The company can also tell their side of the story by sharing reliable and correct information with the media, instead of publications relying on third-party sources that may depict the situation incorrectly.

To reduce the chance of suffering damaging consequences from a data breach, we recommends that businesses follow these recommended actions in advance:

  • For enterprise endpoint level advanced threat detection, investigation, proactive threat hunting and fast response, implement EDR solutions such as our Endpoint Detection and Response. Smaller companies with limited expertise in cybersecurity can benefit from our EDR Optimum which provides basic EDR capabilities, including better visibility into endpoints, simplified root cause analysis and an automated response option.
  • In addition to endpoint protection, enterprises should implement a corporate-grade security solution that detects advanced threats on the network, enriched with threat intelligence such as our Anti Targeted Attack Platform. It helps to protect from professional cybercriminals who favour a multi-vector approach and often combine many different techniques into a single planned attack.
  • To respond in a timely manner to a cyberattack, combine in-house Incident Response team as a first-line of response, and escalate more complex incidents to third-party experts.
  • Introduce awareness training for employees to explain to them how to recognise a cybersecurity incident and what they should do if one occurs, including immediately notifying the company’s IT Security department.
  • Consider conducting special training for all parties involved in dealing with the aftermath of a data breach, including communication specialists and the head of IT security, such as our Incident Communications.

About the survey

Our Global Corporate IT Security Risks Survey (ITSRS) interviewed a total of 5,266 IT business decision-makers across 31 countries, including UAE, Saudi Arabia, Turkey and South Africa in June 2020.

Respondents were asked about the state of IT security within their organisations, the types of threats they face and the costs they have to deal with when recovering from attacks.



Please enter your comment!
Please enter your name here