MIDWEST CYBER SECURITY ALLIANCE
The Midwest Cyber Security Alliance (MCSA) is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professional firms advocating for more effective cybersecurity solutions. MCSA's mission is data privacy and security through education, specifically cyber preparedness and security awareness. The organization is a meeting place for all cybersecurity stakeholders, in every industry, to collaborate on current cyber threats as well as cyber defenses and strategies, and we help information security and privacy professionals design and implement strong and effective cyber security programs.
The Midwest Cyber Security Alliance is proud to be a Champion for Cyber Security Awareness Month in October 2024, for the 4th consecutive year. We do this to celebrate the cyber security community and to raise awareness of how critical cyber and information security programs are.
WHY IS CYBER SECURITY CRITICAL TO AN ORGANIZATION?
According to the 2024 IBM Security / Ponemon Institute Cost of a Data Breach Report involving 604 organizations across 16 countries & geographic regions, and 17 industries:
- The average cost of a data breach in the US is $9.36M
- The healthcare sector's breaches cost an average of $9.77M
- Stolen or compromised credentials were the initial attack vector in 16% of breaches; phishing was the second most frequent initial attack vector at 15% of breaches
- 70% of organizations experienced a significant or very significant disruption to business as a result of a breach, usually leading to an increase in the cost of their products and services
- 2/3 of organizations are using AI and automation to help secure their environments, and they generally saw shorter times to identify and contain breaches, and cost savings of $2.2M
- 65% of ransomware victims involved law enforcement and avoided paying a ransom
- 1/3 of breaches involved shadow data
- The average time to identify and contain a data breach is 292 days
- The root cause of 55% of data breaches is malicious or criminal attacks, followed by 23% for IT failure, and 22% for human failure
- Excluding law enforcement in a ransomware attack led to $990,000 in additional costs
- 63% of organizations increased security investments after a breach (Incident Response Plan development and testing were the most important investments, followed by threat detection and employee training)
- Employee training is the factor with the most positive financial impact on reducing the cost of a data breach
To reduce the risk of cyber incidents, successful Information Security Programs involve a multidisciplinary team that includes Executive Leadership (CEO, CFO, COO, etc.), Risk Management, General Counsels, Security Officers, Privacy Officers, Compliance Officers, Human Resources, CIOs, and relationships with external agencies. Organizations should implement strong, risk-based security and privacy controls that evolve to reflect the changing threat landscape.
FOLEY'S STATE DATA BREACH NOTIFICATION LAWS CHART
A one-size-fits-all approach to breach notification will not suffice, as most states are responding with increasingly frequent and divergent changes to their statutes, creating challenges for compliance. Organizations must make it a priority to monitor these changes to prepare for and respond to data breaches. Download Foley’s State Data Breach Notification Laws Chart for a summary of basic state notification requirements that apply to entities who “own” data.