Are you prepared to face a $4.24M data breach?

The question is not if your business will suffer a cybersecurity attack. It’s when.

That’s the ethos driving the work of the Infinite Blue team, founder and CEO Frank Shultz said. The Collegeville-based SaaS company uses its low-code platform to help businesses with extensibility develop business continuity software.

“The threat of a cybersecurity attack is universal, no matter if it’s a publicly traded company or a privately held company,” Shultz said. “Cybersecurity has risen up to the executive level. It’s something that everyone on a board has, at some point, woken up in a cold sweat in the middle of the night thinking about.”

The state of cybersecurity

According to IBM’s 2021 Cost of a Data Breach report, the average cybersecurity breach costs an affected business $4.24 million. That dollar amount is the highest recorded in the study’s history, up 10% from the average cost reported in 2020.

Frank Shultz. (Courtesy photo)

In addition to the potential financial cost of a cybersecurity breach, it could drastically disrupt day-to-day operations. Hackers could also access clients’ crucial information, such as Social Security numbers, dates of birth, financial data and personal health information.

“One of the largest risks of a cybersecurity breach is your relationships,” Shultz said. “If people lose trust in you, they’re not going to come back.”

Another malicious truth about a potential cybersecurity breach is how long hackers typically work in the background before being discovered.

On average, companies identify and contain a data breach within 287 days, according to the IBM report. To put that statistic in perspective, if a cybersecurity attack began on Jan. 1, the breach would not be resolved until Oct. 14.

“It takes that long to uncover sometimes because there can be so many points of contact within a business,” Shultz said. “With so many interconnected systems that we have in our organizations, it can be a lot for a business to monitor on its own in case of a breach.”

How Infinite Blue prepares its clients

Since Shultz founded the company in 2013, Infinite Blue has helped businesses establish resiliency plans in the face of risk such as data breaches, natural disasters or a global pandemic. (Speaking of pandemics, cybercrime reportedly increased by 600% during the COVID-19 shutdown.)

One of Infinite Blue’s key offerings is its in-house resiliency software. Its flagship product BC in the Cloud helps clients map out their internal processes so they can aggregate data on their teams’ day-to-day work. This allows clients to develop informed recovery plans based on data about a potential breach’s impact.

Mike Jennings. (Courtesy photo)

In addition to its technology, Infinite Blue has an experienced team to support clients.

Shultz himself has 18 years of business continuity experience. Mike Jennings, the director of advisory services at Infinite Blue, is a 27-year industry veteran. Before joining Infinite Blue in January 2021, Jennings held several advisory roles, such as his post as the executive leader of Blue Cross Blue Shield’s business continuity program.

Jennings helps Infinite Blue clients establish a cybersecurity response program. Each client varies, but Jennings said all programs likely rely on communication with every level of an organization. Discussions about cybersecurity should be proactive, perhaps in the form of an education program for employees and stakeholders.

Jennings noted communication is critical in the event of an attack — internally and externally.

“If an organization suffers an attack, and it’s out there in the public domain, it’s incumbent upon that leadership team to have their crisis communications person out there talking,” Jennings said. “They don’t have to give every little detail or disclose inside information, but they need to acknowledge it and make sure that people understand there is a plan.”

One common takeaway? If your business does not prepare for the worst-case “what ifs,” it will hurt that much more when they occur, Jennings said.

“It can be incredibly stressful for a client when an incident happens,” Jennings said. “What I really enjoy about my job is that I’m helping people and organizations be more secure. And at the end of the day, Infinite Blue is able to help our clients recover very quickly so they can get back to their business. That matters.”