The Average Cost of a Data Breach is $4 Million – Can Your Team Afford That?

By October 15, 2020

Institutions making headlines for data disasters is becoming commonplace. For financial institutions, a breach not only guts brand trust; failing to have the required processes and technologies in place beforehand also results in heavy fines, and probably a change in IT leadership.

Our banking and finance customers are operating in one of the most regulated industries in the world, with critical and mandated requirements for data retention, archiving, and recovery.

Being out of compliance is playing with fire

Leaders who drag their feet on infrastructure investments to keep them in compliance are playing with fire and putting the entire company at tremendous risk. Here’s just a sampling of the guidelines and regulations governing data protection for U.S. financial services companies:

  • Gramm-Leach-Bliley Act (GLBA) – protects consumers’ personal financial information, including secure data backup.
  • The Payment Card Industry (PCI) Data Security Standard – defines controls around cardholder data to protect against credit card fraud.
  • Sarbanes-Oxley Act (SOX) – covers user access control, physical and digital security, and data retention policies.
  • The Financial Industry Regulatory Authority (FINRA) – reviews firms’ controls and approaches to cybersecurity risk management and assesses their ability to protect the confidentiality, integrity, and availability of sensitive customer information.

In its Recovery Planning Handbook[1], the U.S. Office of the Comptroller of the Currency (OCC) lays out the criteria for recovery and resolution planning that its examiners use when evaluating and supervising covered banks. The OCC describes a recovery plan's purpose as a framework for banks to effectively and efficiently address the financial effects of severe stress events (such as severe financial losses or fraud) and take action to restore financial strength and viability.

A compliant data resiliency strategy includes having compliant backup storage capacity. If your organization consistently finds itself running up against the clock to add capacity, you are out of compliance and in a high-risk situation.

Your infrastructure needs to be ready to easily scale to meet your constantly evolving business needs and meet regulatory requirements.

Non-compliance is only one aspect of the high cost of compromised data

A data breach can be an incredibly costly occurrence for any organization; in fact, Canadian lender Desjardins Group recently reported that it had spent $70 million (US$53 million) recovering from a 2019 breach that exposed personal information of 2.9 million members.[2] And that’s not an isolated example.

The financial impact of suffering a data breach is high for an organization of any size; in fact, a new report from IBM and the Ponemon Institute pegs the average cost of a breach in 2020 at $3.86 million.[3] The "long tail" of data breaches means that organizations will be paying the price for years afterwards, not only in non-compliance fines and penalties but in lost revenue and eroded customer confidence.

With Compass, Cobalt Iron addresses these data protection challenges head-on

As an enterprise-scale data protection solution, Compass is an ideal solution for meeting the unique and complex backup requirements of financial institutions. The platform’s industry-leading ransomware protection features, pay-as-you-grow SaaS delivery model, and extensive automation are all geared toward helping organizations mitigate risk, reduce costs, and stay in compliance.

Here are some specific ways that Compass uniquely offers data protection and supports compliance for the financial industry:

  • Rapid disaster recovery and anti-ransomware readiness.
  • Protected policy management and role-based access controls.
  • Automated backup architecture with robust compliance and auditing capabilities.
  • Physical, virtual, cloud, and hybrid-cloud options to meet backup and recovery requirements.

A Banking Case Study

Committed to serving individuals and small- to mid-sized businesses, this Cobalt Iron customer has 11 full-service locations throughout its midwestern state. The bank’s previous backup solution was inefficient, time-consuming, and left too many potential points of failure. “If we had a real disaster, I was not confident that I could guarantee we could restore and recover everything,” says the bank’s vice president and IT manager.

The bank has been able to consolidate three legacy backup systems into a single Cobalt Iron private cloud solution with two Cobalt Iron accelerators. Data is backed up each night to the primary data center and then replicated tapelessly to a secondary location, providing additional protection from a disruption or natural disaster.

The results are phenomenal: an 80% reduction in management time, a 75% reduction in annual courier costs, and a 20% reduction in overall backup costs. Comments the vice president/IT manager, “The service eliminates a lot of worry by making sure the servers are healthy, dealing with failures, ensuring recoverability, and taking care of updates and patches. I definitely do not lose any sleep over backups anymore.”

There’s a lot more to this story. The team at Cobalt Iron is ready to show you how your financial business can reap similar results through world-class enterprise data protection.

For a free demo and data protection consultation, connect with our team today.


[1] "Comptroller's Handbook: Recovery Planning, Version 1.1," U.S. Office of the Comptroller of the Currency, March 2019.

[2] “What is the Cost of a Data Breach?”, CFO, August 13, 2020.

[3] “How much would a data breach cost your business?”, IBM.
