There is a great article on Data Breach Today on how the health insurance provider Anthem recently paid out over $115 million as a settlement for its 2015 breach. This settlement is primarily due to credit monitoring services for the over 79 million people whose data was potentially compromised. While that is big money, keep in mind this only covers the settlement. What these numbers do not include are internal incident response and legal costs, reputational harm, additional external payments to other partners, and additional legal costs from other states or even other countries. In addition, with the European Union’s enacting of GDPR this summer, the risk associated with fines for breaches has exponentially increased (as in 4% of your global revenue). Think GDPR does not apply to you? Think again.
Mature security awareness programs are a powerful way to dramatically reduce the risk of a breach. By changing workforce behaviors and creating a more secure culture, you not only dramatically reduce the likelihood of a breach, but also detect and respond to incidents far more quickly, enabling you to stop the attacker before data can be exfiltrated and a breach can truly happen. Everything we do at SANS Security Awareness is focused on enabling you to establish a mature program that not only changes behavior, but enables you to measure that change.