When doing the math on how much it costs to implement a good data protection service, some companies find everything too expensive and postpone planning. But only those companies that insist on focusing on the easiest calculation, the one that is obvious and involves budgets for antivirus and IT tools, believe that cyber security can be left for later. In this scenario, the most important thing is left out.

We need, first of all, to put on paper the cost of not protecting.

Brazil had the highest share of users attacked by phishing scams in the first quarter of 2019, according to Kaspersky, an international company that produces internet security software.

Also according to the data, in the same period, the technology prevented, worldwide, 111.8 million attempts to direct users to fraudulent sites.

We arrived in 2020 and already in those first months, with the coronavirus pandemic, we saw all the variations we were used to having in the cybersecurity environment skyrocket. To get an idea, in recent years, the ISH teams working in SOCs monitoring and preventing attacks by cybercriminals, got used to living with changes in attacks, month by month, that did not exceed 8%. The oscillation was predictable because it used to be noticed in specific periods, such as the Income Tax delivery, the one before Black Friday, Christmas shopping, among others. But even though the damage attempts grew, nothing went over 8%.

From January to now, what we had never seen before has happened.

The intensity of the attacks more than doubled: it reached 220%. It is estimated that more than 2 million Brazilians have been victims of hacker scams involving terms "COVID-19" and "coronavirus". In a survey carried out by ISH engineers, in March alone, new 21,000 malicious artefacts of the file type, 73,000 IP addresses and 36,000 websites were created and placed on the Internet, all using the pandemic as bait to apply scams.

Cyber-attacks and security breaches will occur and negatively impact businesses, there is no longer any doubt about that. Therefore, the question is no longer whether a company will be hacked, but when it will be.

How much does it cost not to protect?

The damage caused by security breaches grows year by year. In Brazil, in 2019, the average cost of a data breach was R$5.4 million, an increase of 18.93% compared to 2018. This year in the United States, that figure is already at US$5 million.

And the financial impact of a data breach is not just felt when it happens. The consequences follow in the long term. While an average of 67% of breach costs are realized in the first year, 22% accrue into the second year and 11% go beyond two years after a breach.

No wonder that the value of insurance for data leakage is rising and often does not cover all the damage generated. It is increasingly difficult to make the bill close.

So when we think about cybersecurity in the enterprise environment, we are no longer talking about simply applying more technology to the organization's processes. We are talking about operating in a hyper-connected world, where protection needs to be part of the strategy, ensuring the confidentiality of information and facilitating business.

By Allan Costa