Company Profile: Software as a Service (SaaS) provider of human resources and membership management software for gymnasiums countrywide
An employee opened up a phishing e-mail that infiltrated the company’s centralized network. Anti-virus software failed to keep out the malicious code, exposing names, addresses, dates of birth, Social Security numbers and financial information, such as credit card and bank account numbers. A computer forensics investigator was hired, who determined that personally identifiable information had been compromised. This included information related to the customers’ employees as well as the company’s own employees.
According to the NetDiligence® Data Breach Cost Calculator*, the estimated costs of this event for the software service provider could be:
| Incident Investigation Costs: | $291,000 |
| Customer Notification and Crisis Management Costs: | $504,000 |
| Fines & Penalties: | $550,000 |
According to the Ponemon 2015 Cost of Data Breach Study, an event of this type could drive average costs up to $2,810,000 for a business.
| Post Breach Costs: | $1,640,000 |
Risk Management Tips:
- Incorporate vendor security into your Information Security policies and procedures.
- Add provisions that address cybersecurity into your vendor contracts.
- Practice cyber-attack response drills with your vendors.
by Rosalie L. Donlon, Property Casualty 360