The word Impact, as a noun, is the action of one object coming forcibly into another object and it has synonyms like collision, crash, bump, bang, jolt and thump. The word Breach, as a noun, is an act of breaking or failing to observe a law, agreement or code of conduct and another definition relates to a gap in a wall or barrier specially made by an attacking army and its synonymous words are rupture, crack, rift, violation and breaking. So the rationale we get from these definitions related to the financial impact of cyber breaches is this: A force-able outflow of funds in result of any intended or unintended gap or crack within channels, repositories or ends.
Like we have layers of cyber security so there are certain layers of cyber breaches but the breaching flow is generally opposite to the security flow. For example at first hand Data Security Layer protects a critical asset, Application Security Layer comes in next phase, then next one is Endpoint Security Layer, then Network Security Layer and in the end we have Perimeter Security Layer. So the security ends on Perimeter Security Layer but at the time breach starts from the same point. The intruder enter from here and in the end he has to deal with inner security layer that is Application Security Layer.
Financial Impact has three levels i.e. Personal Level, Corporate Level and State Level. These are few examples at each level:
Personal Level: At Personal Level ATM hacking is critical one. From ATM card being struck inside the machine to millions USDs vanishing from ATM machines without using card is a vast land to cultivate for bad guys.
Corporate Level: As per IBM’s Cost of a Data Breach Study 2017 average total cost of data breach is 3.62 USD. For this Study they interviewed more than 1900 individuals from 419 organizations of 17 industries from 11 countries and 2 regions including ME and ASEAN. According to this Study all participated organizations experienced a data breach ranging from approximately 2600 to 100,000 compromised records costing USD 141 per lost or stolen record averagely. This is that Corporate Level of Financial Impact that matters allot for the economy overall.
State Level: Impact goes viral when States have to face it. Who can miss Stuxnet or diplomatic tension between US and NK from Sony Attack and how can we forget when SWIFT was compromised leading towards Bangladesh Bank Heist! Alarms should alert us when some hacker is confessing that it’s easier to hack an election than eBay. And the actual fact is that these all have cost.
If cyber breaches are costing us as stated above then solution is obviously is also with us and that is ensuring the security. Breaches are real, impact is genuine then why are we so lazy in security? And I know it is self-explanatory question.