As published in Digital Insurance, “Navigating Breach Recovery Costs to Slash Inefficiencies”

The Risks of Offshoring Your Data Mining

The misconception of cost-savings in off-shore incident response

In 2024, the global average cost of a cyber breach incident is projected to be US$4.88 million, with the global cost of cybercrime projected to be $9.5 trillion. Just four years ago, it was estimated that the cost of data breaches would be $2.1 trillion annually. What is most ironic is that many cyber incidents go unreported, especially in countries outside of the USA. Did you know that most reported data breaches are in North America simply due to strict disclosure laws?

Without those disclosure laws, cyber incidents can go unreported, which raises the question – if North American companies are reporting their cyber incidents more openly than other countries, is your data safe if you send it offshore?

International data transfers are an unfortunate norm in today’s Digital Forensics and Incident Response (DFIR) landscape. Let’s look at some of the risks of offshoring your data mining after a data breach.

Data Security Risks for Already Compromised Data

Without a secure forensics lab, your already compromised data is at risk of being lost, stolen, or otherwise mishandled (again). Beyond physical security that could be lacking in their facilities, many offshore facilities still use legacy systems and outdated technology, which increases the risk of your data being compromised (again). Additionally, one may very well assume that facilities in other countries are not subject to the same strict governmental and legal regulations as those in the United States. Without those legal protections, companies are left with limited options for redress when it comes to secondary cyber incidents. Leading data mining companies like Actfore have secure forensics labs locally in the USA, eliminating the need for risky international data transfers.

Hidden Costs in Seemingly Less Expensive Contracts

It is a common misconception to assume that conducting incident response offshore reduces costs. Unfortunately, moving information technology work overseas can be much more expensive than it seems. According to Meta, lags in productivity can add as much as 20% in additional costs when offshoring. In fact, several categories of offshoring show more than 400% cost overruns due to distance and poor process fit. Despite the perception that you can save up to 80% on labor by offshoring, between overruns, lack of process consistency, and other concerns, companies often end up saving less than 20% – and put their data at risk in doing so.

Inconsistent Quality Control Producing Flawed Notification Lists

International data transfers are common in data mining because a majority of data review is done manually. The dominance of manual review in incident response motivates companies to consider countries with lower labor costs. However, without strict quality control measures in place, reliance on a human labor force to comb through data and identify compromised information means a serious burden is left to individual judgment. For example, a worker may not realize that Tim is the same person as Timi, whose name was misspelled in a previous entry. The lack of automation driving offshored data mining means inconsistent and weak quality control.

The transient workforces of offshore labor centers also add to your vulnerabilities from both a security and a training viewpoint. Candidates may not be vetted as thoroughly as they are in a U.S.-based company via background checks, and they may not have received the same high-level security training on data handling and many other vital best practices.

While offshoring data mining may seem like a cost-effective solution to a data breach, it opens you up to the risk of secondary cyber incidents. The lack of automation in offshore data mining operations also means that you are wholly reliant on the judgment of workers unfamiliar with the context of sensitive data when determining the extent of a compromise. The sum total is poor quality output, inconsistent timelines and unpredictable cost escalations. Instead, look for partners who have secure, local forensics labs.
