That is the claim of a new report from Kaspersky Labs, based on a survey of 5,500 IT professionals in 26 countries. The survey found that respondents ranked preventing financial fraud as their highest concern, while preventing data breaches ranked much lower. The lack of an appreciation of a direct link between these two concerns is disturbing.
It seems that, despite years of fighting cyber threats and an escalation in the number and severity of cyber breaches, many companies still do not appreciate the widespread financial damages that breaches could create within their organizations.
Yet, the cost of these breaches is exorbitantly high. In fact, a report from A.M. Best stated that financial losses from a global cybersecurity risk could cost $31 billion.
The estimated costs for the health care industry are $6 billion per year, and with cybersecurity threats on the rise this number can be considered conservative.
“Electronic health records are prime targets because health care organizations lack the resources, processes and technologies to protect them. And it’s only going to get worse,” say Rick Kam and Larry Ponemon in just one of a slew of articles warning health care about the growing cybersecurity threat.
The problem stems from an imbalanced attitude about money, say researchers at Kaspersky Labs. “Businesses don’t like it when someone tries to steal their money, inventory or hardware. (But) It’s a fact that theft of data—a simple sequence of bits—can destroy a company as quickly as theft of money from a bank account … The perception of money is much closer to that of physical objects, but this perception has to change … money is represented as a sequence of bits, like any other ‘virtual’ data.”
Further, the antivirus company stated that other oversights are clouding companies’ ability to construct the most effective cybersecurity policies and systems. These oversights include:
- An unrealistic or non-uniform perception of online fraud
- A failure to assign ultimate responsibility for preventing cyber attacks
- An undefined cybersecurity solution
These failings are reflected in reports regarding health care institutions, and they prevent those institutions from applying the security measures necessary to keep their clients’ personal data safe from cyber attacks.
To overcome this imbalance, they, like other industries, must shift the weight of their focus toward cybersecurity and the very real threats of breaches.
Health care organizations face significant potential losses from multiple directions:
- Financial damages. The increase in the number and severity of cyber attacks has put regulatory bodies on the defensive. As a result, they are levying higher financial penalties than ever before. The costs can be crippling for the average company.
- Reputational damages. Whenever personal data is breached, the organization is held accountable in the public eye and media. This reputational damage can ripple throughout the organization, creating several layers of damage that ultimately reach the bottom line.
- Compromised quality of care. Losing control of patient data can have a significant impact on quality of care, in particular because patients fear sharing more than they have to when seeking medical treatment.
Today, companies must understand that any cyber breach will result in significant losses, which will either directly or indirectly impact their financial standing. To prevent this, they must overcome their common preconceptions about security.
Kaspersky Labs advises companies to adopt a holistic approach: “Effective risk management will require a holistic approach where a company’s technology, people and processes diligently work in concert to minimize cybersecurity risk.”
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.