The volume of corporate data breaches continues its rise, but the cost of a data breach these days has become staggering. IBM reports the cost of the average data breach in 2016 has risen to $4 million, up nearly 30% in only three years. And the damages per compromised record averages $158.
No industry is immune from a breach, utilities included. Indeed, because utility customers often have only a single local provider, the concentration and completeness of customer data in a utilities’ database makes it an even richer target. The average per-record cost for a utility data breach is more than twice that in other industries: $355.
If even $355 per compromised data record doesn’t sounds like a lot, let me lend you a calculator. A hacked utility with only 12,000 customers will overshoot the IBM average by a mile.
Potential costs alone are reason enough for utilities to beef up their information security. But inadequate security has consequences that extend beyond the purse.
Why care about security? Here are a few more reasons.
Let’s look at some other reasons you should care about securing your information infrastructure and the precious data it houses.
Your customers care. It may seem obvious, but your customers care how you handle their privileged data. They don’t want you leaking their private phone numbers and birthdays, of course. But they certainly don’t want you being careless with social security numbers, or credit and payment information. Whether they’ve personally been the victim of information theft, they’re certainly media-aware of the havoc identity theft can bring them.
Regulators care. Regulators are, in many ways, the lifeblood of utilities. They act as advocates for—and on behalf of—your customers. Regulators determine how much you can charge, how much margin you can make, and how much to penalize you if you don’t follow their mandates. If you’ve ever had a data breach, you know the total cost to your utility is driven up by the fines regulators impose, not to mention the compensation you have to pay the affected customers.
Utilities care. You care about your utility’s reputation and brand, especially if you’re in a deregulated market. After all, dissatisfied customers can—and will—simply go elsewhere if competitors sport higher ratings. But even in regulated markets, if takes little effort for a customer to tweet or post negative remarks about the service you provide.
Everyone cares. Your reputation, brand and customer satisfaction ratings matter to you, your customers and regulators. It’s a three-sided relationship in which everyone cares about information security. A data breach—even the likelihood of one—can harm your brand and even affect your profitability. Because, guess what regulators look at when you apply for a rate increase? Your customer satisfaction ratings. Lower customer satisfaction can often squash your rate case.
Can the cloud “solve” these and other security issues?
If everyone cares so much about data security, how do utilities ensure they are protected?
It may seem counter-intuitive, but many companies are finding the cloud provides greater security measures than their own. The threat landscape continues to change. Attacks are more frequent, more sophisticated and more determined all the time. That means your physical defenses, not to mention your staff’s training and expertise, need constant refreshes. Staying up to date is one burden a cloud service provider can relieve you of.
Beyond caring, your utility needs a plan. Yet, utilities often lack the preventive measures, business continuity processes and rapid response teams a cloud provider can offer. Such rapid response teams deliver an average cost reduction of $400,000 per data breach.
Still wondering if storing data and running applications outside your utility’s data center makes you more vulnerable, not less? If so, we joined TMG in a recent webinar to help you better understand how cloud providers manage security.