As the trading hours closed tonight, Wall Street has rendered its initial verdict on Equifax after its breach earlier this month -- 25%, or $4 Billion, in market cap wiped out in just 5 days. And this is only the beginning -- lest we forget Equifax's initial costs associated with responding to the crisis and the current costs associated with the aftermath, which is estimated to be between $200 million to $400 million. To paint a similar picture, in 2015, rival credit bureau Experian experienced a similar but smaller-scale breach that affected 15 million people, costing the company about $20 million in immediate costs. This time, Equifax's breach has affected roughly ten times as many people, making it easy to assume it will cost the company roughly a ten times higher spend after the insurance kicks in. However, the biggest cost Equifax will face is the one associated with losing customers in the long-term because they no longer trust Equifax’s brand.
When preventable security breaches can have such devastating impacts on a business, why then aren’t CFOs supporting CISOs’ pleas for a bigger investment in security to align with digitization efforts? Unfortunately, key security initiatives are often deferred for months or even years because it can be difficult to calculate ROI, or justify value when compared to investments in CIO-led initiatives, such as Big Data or AI.
Now consider the long-term impact to a business when it loses its customers’ trust in the business's ability to protect their information. What good will any of the digitization efforts be in that case?
Cloud migration is forcing organizations to rethink the security landscape. As the RedLock CSI Cloud Infrastructure Security Trends report highlighted, organizations are realizing that traditional security investments are incompatible in the dynamic cloud. Either we can hope and pray that we’re not the next OneLogin, Target, or Equifax, or we can be proactive and get buy-ins from leadership teams to rapidly retool security investments to enable more effective security governance and data protection.
So, what is your organization going to do -- fall behind or get ahead of the security game?
To get a more comprehensive visibility into threats across your Amazon Web Services (AWS), Microsoft Azure, and Google Cloud environments, request a Free Cloud Risk Assessment.