It seems as though every month or two we hear about another major organization whose “secure and encrypted customer database” has been hacked.
Wikipedia contributors have composed a long list of corporate entities that have been hacked in recent years. The list, compiled from various sources including press reports, government news releases, and mainstream news articles, covers breaches involving the theft or compromise of 30,000 or more records each, although many smaller breaches occur continually.
The Cost of a Data Breach
In 2020, the average cost of a data breach in the United States is now up to $8.64 million, with the global average being a mere $3.86 million. It is estimated that in 2019 alone, 164.68 million records were exposed as a result of data breaches.
In March 2020, SecureIT published a report titled “Key Industries Most Vulnerable to Cyber Attacks This 2020.” The top five mentioned include Healthcare, IT and Telecoms, Finance, Construction, and Transportation.
The estimated cost of a major system breach is between $100 and $200 per customer record, which includes post-breach costs such as lost business due to reputational damage, and costs associated with required communications and identity-theft services for consumers whose information has been compromised. This is a terribly high cost considering that the cost of preventing a breach is only about $8 per consumer record. This creates a strong motivation for institutions to spend more on preventing cyber intrusions.
An organization that has 25,000 records will have an estimated post-breach cost of $2.5 to $5 million to clean up after a cyber breach. An organization with 100,000 records would bear costs of $10 million or higher.
Here’s some simple math related to a potential cybersecurity breach. Most collection agencies are required by various regulations to maintain collection records for at least five years. A medium-to-large national collection agency is estimated to have at least 5 million records. In the event of a breach, an agency would be required to send letters to each consumer warning them of the breach and advising them what possible actions to take. Printing, processing, and postage cost $0.57 per letter; the cost of the letters alone would be $2.8 million. This cost alone could be enough to cripple an agency that is not carrying a cyber-attack insurance policy, leaving you with the responsibility of following up with your breached records.
Preventing and Protecting
How many consumer records does your government agency house? What is your organization doing to prevent a cybersecurity breach?
Do the collection agencies or other third-party vendors with whom you work take every measure to protect your consumer/citizen records? Do you know if your vendors have the best in cybersecurity protections? Do you have certified documentation of their policies and procedures for the housing and protection of your consumers’ records? Do they maintain a Cyber Insurance Policy?
I’m guessing that your RFPs and published competitive bids have specific requirements that ask a vendor to explain what measures, technologies, and certifications they have to protect consumer data from a breach. But how many city, county, and state entity RFPs are requiring their vendors to maintain a Cyber Insurance Policy?
Check Your Vendors
We strongly suggest that your organization have a very detailed and specific set of requirements that assure your vendors are protected against cyber-attacks and identity theft attempts. We would also recommend that you require your vendors to maintain a robust cyber-insurance policy for such possible breaches.
The primary and most essential step to ensuring cybersecurity is to require your collection agencies and other vendors to obtain and maintain certified processes and programs for all areas of their businesses.
You must also be sure that your collection agencies and other vendors obtain and maintain various certified processes and Certification Programs that assure your organization and your customers and citizens are protected from cyber threats.
For example, Revco Solutions considers information security an integral part of our business as well as the first line of defense against all potential internal and external threats to the business: physical, environmental, and computer-security related.
For that reason, we completed an extensive Multi-Scope audit through TECH LOCK® INC. This audit targeted the entire Revco Solutions environment and focused on ensuring complete compliance with industry-required standards such as PCI, HIPAA, and GLBA. We encourage you to explore these measures for your own organization and require them from your vendors. If you have questions, contact us to learn more.