The true cost of a Cyber Attack: the case of EasyJet Data Breach

The British low-cost airline EasyJet announced days ago that suffered a “highly sophisticated cyber attack”, which has affected more than 9 million customers worldwide and that important personal data, including more than 2,200 three-digit security code (CVV) had been stolen. From the end of May, the company has been warning customers whose email addresses had been stolen to be extremely wary of phishing attacks.

At RedSpam we were promoting some cyber security best practices during the coronavirus outbreak, but the numbers and stats are there: more than 1 cyber attacks per minute in 2020. As the world becomes even more reliant on technology and cyber criminals refine and intensify their attacks, do you really believe the cyber security budget can be put on hold at this time?

Indeed, EasyJet faces an £18 billion class-action lawsuit over data breach, and if successful, every customer impacted by the breach could receive a payout of £2,000. This potential liability has been issued by a law firm in London, taking the action under Article 82 of Europe's General Data Protection Regulation (GDPR), which gives customers the right to compensation for inconvenience, distress, annoyance, and loss of control of their personal data.

The British airline announced the breach on May 19, but it occurred four months earlier, in January! The company delayed telling those affected customers that they could be at risk for months. This is a terrible failure of responsibility that has a serious impact on their customers and leaving them open to attacks. However, other long-term consequences can be worse than this data breach, as people will not trust in a company that hide the attack and exposed millions of people against attacks. This leakage of sensitive information that affected millions of people and the class-action lawsuit is not the only worry for the British airline, as it remains to be seen whether EasyJet will also face a fine from the Information Commissioner’s Office (ICO). The watchdog’s guidance states that failing to notify a breach when required to do so can result in a significant fine up to 10 million Euros or 2% of a company’s global turnover.

This is just one recent example of a potential cost of a data breach and how much it can affect to an organisation. Moreover, since more and more organisations are now working from home (some of the major tech companies even permanently), the workforce remote practices can put the organisations’ data under threat, and 57% of IT leaders believe remote workers are a security risk during lockdown. Increasing awareness among employees is essential, but it is important to discover and address the vulnerabilities.

Having a solid cyber security budget and strategy is now more important than ever. As cybersecurity systems evolve to create a better offence and defence against new methods of attack, the cost of cybersecurity is rising. Greater hands-on management can prevent and mitigate incidences, but it can also drive up costs. But the good news is that this focus on better cyber security is paying off.

How to Maximise Your Cyber Security Budget and System Safety?

To find out more about how best to invest your cyber security budget, you can talk with one of our experts, who can guide you around the RedSpam Managed Solutions portfolio and the existing free tests and offers during these months. Our support team monitors customers’ digital assets 24/7/365 and we ensure 15 minutes’ SLA (service level agreement). Our global team is ready to react and hit the downtime with a 100% record!