Focus on what counts
Insights

The Dangers of Breach Fatigue

October 30, 2020
view all archive

It is rare that a week goes by without a major news story involving yet another colossal data breach. Regardless of the catastrophic costs incurred after a breach, there is a growing fear that cyber-attacks have become so commonplace that businesses are suffering from “breach fatigue.” After an unending barrage of breach news alerts, businesses may feel hopeless and make the dangerous mistake of no longer investing the proper resources into their cybersecurity defenses. The following is a sampling of mindsets that can result from being desensitized to the incessant breach headlines:

  • “If big businesses can’t protect themselves from attack, why should my business waste resources trying to prevent the inevitable?”

    • The inevitability of a breach is not set in stone. Offering periodic awareness training, completing risk assessments, conducting vulnerability testing, and taking other basic precautions won’t break the bank and instead make attackers move on to look for a weaker target.

  • “Instead of proactively putting my money into cybersecurity defenses that seem incapable of stopping attackers, I acquired cyber insurance, so even if my business gets breached, we’re covered.”

    • While cyber insurance will help defray some of the costs resulting from a breach, insurance will have limited success in addressing the reputational damage after an attack. Customers will be reluctant to do business with a company that cannot protect their data from attackers, so prevention is intricately entwined with a company’s financial success.

  • “My business isn’t big enough for attackers to waste their time on the unimportant information we have.”

    • Almost half of all cyber-attacks happen to small businesses, so hoping to fly under the radar of attackers has proven to be a very ineffective strategy. Criminals will often attack smaller businesses in order to use them as a conduit to larger victims they may do business with. This tactic was perfectly illustrated by a small HVAC company in New Jersey being compromised to create a beachhead to Target, resulting in a massive credit card data breach.  

Regardless of a company’s size, a business must resist the temptation to give in to breach fatigue and do their best to keep fighting to protect their information. If you need additional resources to help with this fight, Citrin Cooperman’s TRAC team is here to help. Whether it be a SCORE Report TM cyber risk assessment, penetration testing, or cybersecurity awareness trainings, TRAC can help you stay safe from cyber-attacks and avoid becoming that next data breach headline. 

Kevin Ricci, CISA, CISM, MCSE, CRISC, QSA
Principal
kricci@citrincooperman.com