
A THREAT TO BUSINESS: DATA BREACHES AND FRAUD

In the United States, the majority of data breaches are the result of criminal attacks or malicious insiders¹.

The cost of a data breach doesn’t end with the breach itself. Determining the scope of the breach, notifying clients, assisting clients, and losing business all add to the total cost¹.

Data Breaches

In 2017, Equifax, one of the three major credit reporting agencies in the United States, suffered one of the worst data breaches of all time. Over the course of several weeks, hackers stole the names, social security numbers, addresses, dates of birth, and other personally identifiable information of nearly 150 million Americans. The scale of the attack, which was brought to light in congressional hearings, highlighted not only the vulnerability of organizations to data theft, but exposed the considerable cost to businesses in the aftermath of a breach.

According to IBM and the Ponemon Institute, the average total cost for a data breach in the United States is $7.91 million¹. Businesses that suffer a data breach must spend considerable time and resources determining the scope of the breach, notifying customers and regulators, fixing and updating the compromised systems, and striving to win back customers and reputation.

The overall scale of a data breach is hard to calculate due to the ongoing threat of fraud. Stolen data can sit dormant for years, only to resurface later for hackers and fraudsters to take advantage of and use against unsuspecting victims. As the technological sophistication of criminals and hackers becomes ever-more advanced, it is vital that businesses remain committed to protecting their clients’ data.

52% of data breaches are perpetrated by criminals and malicious insiders. This is the most difficult and costliest attack for an organization to remedy.

25% of data breaches are the result of human error. These types of breaches are often caused by negligent employees due to carelessness.

23% of data breaches are caused by computer glitches. Computer glitches may be the result of poor business processes or IT failures.

Source: ¹ IBM and Ponemon Institute, “2018 Cost of a Data Breach Study: Global Overview”

*Costs are associated with data breaches in which more than 1,000 records are compromised.

Due to being heavily regulated, breaches in the health and financial sectors are the most expensive to remediate, costing an average of $408 and $206 per compromised record, respectively¹.

Breakdown of Average Cost Per Component for a Data Breach

Detection and Escalation ($1.21M): breach assessment, audit, crisis management
Notification ($0.74M): emails, letters, calls to clients; contact regulators; outside experts
Post Data Breach Response ($1.76M): establishing a help desk, new accounts, legal costs
Lost Business ($4.20M): reputational losses, increased client acquisition cost, lost clients

Total Average Cost for a Data Breach in the U.S.: $7.91 million*

Average Cost per Record Compromised in a Data Breach by Industry

Health: $408
Finance: $206
Services: $181
Pharmaceuticals: $174
Technology: $170


ROBERT SPENDLOVE
Economic and Public Policy Officer

Contact our team for more information or to schedule a speaking engagement.

[email protected] (801) 560-5394

[email protected] (801) 844-7887
www.zionsbank.com/economy

Content is offered for informational purposes only and should not be construed as tax, legal, financial or business advice. Please contact a professional about your specific needs and advice. Content may contain trademarks or trade names owned by parties who are not affiliated with ZB, N.A. Use of such marks does not imply any sponsorship by or affiliation with third parties, and ZB, N.A. does not claim any ownership of or make representations about products and services offered under or associated with such marks.

A division of ZB, N.A. Member FDIC As of August 24, 2018

Business Fraud

Businesses large and small are under threat from payments fraud. According to the Association for Financial Professionals, the number of organizations reporting payments fraud has risen from 60 percent in 2013, to 78 percent in 2017². This significant rise has been led by check fraud, with nearly 74 percent of institutions reporting attempted or actual check fraud. While other payment methods have gained share in recent years, business-to-business check payments remain the most used method of payment and so are the preferred method for fraudsters.

In addition to a high prevalence of check fraud, businesses are facing an increased amount of wire transfer fraud. This method of attack has grown in prominence with the rise of the Business Email Compromise (BEC) scam. BEC often occurs when an employee receives a fraudulent email from a scammer pretending to be a superior or other trusted business relationship and asking for money to be wired or an invoice paid; 77 percent of organizations have been affected by BEC². According to the Federal Bureau of Investigation, BEC scams continue to evolve and have been reported in all 50 states and 150 countries around the world. Between 2013 and 2018, the estimated worldwide exposure to BEC is more than $12 billion³.

Despite ongoing education efforts and training offered by employers, businesses remain susceptible to sophisticated cyber criminals and scammers. Personally identifiable information exposed in a data breach or obtained through social engineering can be used days, months or years later to commit fraud, both at the individual and business level. Organizations will need to keep on top of process controls and develop top-notch cyber security protections in order to prevent and deter business and payment fraud in the future.

Check fraud is the most common form of payment fraud that organizations face, with 74 percent of finance professionals reporting the occurrence of fraudulent check transactions².

Percent of Finance Professionals Reporting Payment Fraud by Type

Checks: 74%
Wire Transfers: 48%
Corporate Credit Cards: 30%
ACH Debit: 28%
ACH Credit: 13%

Payment fraud has continued to increase over the past five years, rising from 60 percent in 2013, to 78 percent in 2017².

77% of businesses were affected by Business Email Compromise (BEC) in 2017². BEC occurs when employees receive what appear to be genuine emails from a trusted person asking for funds to be moved or wired.

The number of Business Email Compromise scams has risen despite ongoing diligence by businesses.

Sources: ² Association for Financial Professionals and JPMorgan Chase, “2018 Payments Fraud and Control Survey Report”; ³ Federal Bureau of Investigation, Alert I-071218-PSA

$12.5 billion has been reported to the Internet Crimes Complaint Center as being exposed to BEC fraud worldwide from 2013 - 2018³. The scam is active in all 50 states and in over 150 countries.

Percent of Businesses Reporting Payments Fraud

2013: 60%
2014: 62%
2015: 73%
2016: 74%
2017: 78%