Quantifying The Enterprise Cost Of A Cyber Security Data Breach

Impact To Organization Goes Years Beyond The Incident

Financial services provider Capital One appears to be the latest victim of a mega-breach of personal data, one of a growing number of large incidents in which more than 1 million records are compromised. Upwards of 100 million individuals were impacted by the data breach, which exposed Social Security numbers and linked bank accounts for credit card customers and applicants across the U.S. and Canada.

The root cause appears to be a firewall vulnerability exploited in a Capital One web application that interfaces with its AWS cloud. The theft of data had been occurring for a few months before it was detected and federal authorities were called in to investigate.

No industry sector can claim immunity from data breaches. Vertical markets with large customer bases, including healthcare and financial services, tend to lead in terms of the number of customer records exposed. Government agencies also fall into this group of potentially attractive targets with large amounts of personally identifiable information (PII).

Readers of Cyber Security Hub are well aware of the risk management practices to mitigate an enterprise attack, including:

An increasingly important metric to understand is the cost of an enterprise data breach. More and more research is being done to help illuminate this emerging subject. According to the annual Cost of a Data Breach Report, conducted by the Ponemon Institute and sponsored by IBM Research, the cost per lost record for a company in the United States averages $242.

Capital One estimates its 2019 losses from this data breach to be in the $100-150 mn range, below the average in the Ponemon research. The study further concluded that while data breaches are a global concern, U.S. enterprise organizations lead all nations in total cost of data breaches with an average impact to the business of nearly $8.2 mn.

Governments are also moving quickly in an effort to penalize organizations that compromise personal data. The European Union (EU), which recently implemented a data protection law to fine companies for data mismanagement, is expected to fine Bulgaria’s tax agency up to $22.5 mn over the breach of PII for more than 4 million Bulgarian citizens. Stateside, New York has expanded its data breach laws and requires businesses to implement data security programs. The SHIELD (Stop Hacks and Improve Electronic Data Security) Act broadens the definition of PII and adds new requirements for breach disclosures. Businesses collecting PII about New York residents must implement security measures and develop employee awareness programs, among other administrative safeguards, to ensure cyber hygiene.

While 100% security is not a practical objective, the value of getting back to fundamentals cannot be overstated: understanding data movement, identifying sensitive PII and company data, and enforcing third-party risk management (even in the cloud). With mega-breaches occurring weekly, it is a reminder to “get the house in order.”

