How Much Does a Data Breach Cost?

Cybersecurity often seems like an expensive proposition to many companies. There are annual evaluations to make sure you’re maintaining compliance, expensive programs to put in place, and extensive measures that have to be taken in order to provide true protection to your business. What you should be asking yourself, however, is not what the cost of your protections will be, but rather what a data breach has the potential to cost your business. How much does a data breach really cost?

Data Breaches are Increasingly Common

In today’s fast-paced society, there’s a new data breach approximately every 58 seconds–and you can’t predict where it’s going to strike. A wide range of big-name businesses have experienced data breaches in recent years, including Equifax, Verizon, Target, and Kmart–but savvy hackers also know that small businesses lack the protection of their larger counterparts, making them an attractive target for hackers that are looking for a quick way in. That makes it necessary for every business to be prepared for a potential data breach and to put protections in place that will help prevent those consequences from being even more serious.

The Cost of Lost Data

The global average cost of a data breach is around $3.6 million. This accounts for approximately $141 per data record stolen–and since breaches tend to be large-scale, it doesn’t take long for the cost to start mounting. In the United States, that number is higher: around $7.3 million dollars. Obviously, this number depends substantially on the size of the breach, which is also limited by the size of your company and the amount of information you process and store at any given time. The cost of lost data may also depend on a range of other factors, including:

  • Your industry, since some information is more valuable–and more difficult to fix for your customers–than other types of data.
  • Your response time. How long did it take you to notice that there had been a breach? How quickly did you respond?
  • Were your systems shut down as a result of the breach, causing you to miss out on potential customers?
  • Was the attack caused by a malicious insider already within your organization, with higher-level access, or by simple negligence or a broad-spectrum attack?

Where Does the Cost Come From?

The cost of lost data comes from a wide range of sources. Typically, it’s not replacement for the cost of the data itself: only a small percentage of the data stolen in these types of attacks is actually rendered unusable, and most companies now have backups in place to help them restore system functionality quickly and efficiently even when they are the victims of a cyber attack. The true cost of lost data lies in a variety of sources.

Customer Churn: Many customers no longer want to work with a company that has experienced a data breach, and will choose to leave as a result of the incident. In other cases, there may be lost customer opportunities due to system downtime or customers who are wary of starting a relationship with your company following a breach. Customer churn can have a huge impact in the overall cost associated with your data breach: companies who lose greater than 4% of their customers tended to experience an average loss of over $10 million, while companies who lost less than 1% of their customers as a result of the breach dealt with a loss of just $5.3 million on average.

Customer Notification: When you’ve been breached, you have to notify your customers and give them the opportunity to protect their personal data. Notifying customers is one of the early steps in your response plan, but there can be substantial cost to notify all of your customers.

Remediation: It can take as many as 46 days to deal with and contain the loss associated with a data breach. Remediation costs are often high and accelerate as it takes longer to contain and handle the breach.

Legal Costs and Fines: In many cases, if your business fails to meet industry regulations, you can be subject to fines as a result of the data breach. Dealing with those legal costs and associated fines can be devastating for many businesses.

Monitoring and Other Services for Victims: When your data has been breached, you need to help protect your victims. This may include offering credit monitoring, providing new credit cards, and other key services, depending on the type of data that was breached and what needs to be done about it.

Decreasing the Cost

If you’re hoping to decrease the potential cost of a data breach for your business, there are several key steps that should be taken.

Go beyond compliance. Compliance regulations are slowly catching up, especially with the introduction of GDPR, but compliance still isn’t the same thing as security. Understand the difference between the two and go that extra mile to provide true security for your vital data.

Train your employees. Let your employees know exactly how they should respond in the event of a data breach. Who should be notified? What responsibilities does each member of the team have? Who needs to respond? You should also create a policy that shapes how employees respond publicly in the event of a data breach, including what information is okay to share and who is allowed to speak with the media or post to social media sites.

Create a response team. Not only should your employees know who to turn to, there should be a team in place to handle a data breach as quickly as possible. You want a competent team who knows what they’re doing and can help turn this disaster around so that you can maintain public relations and keep your business running as smoothly as possible.

Dealing with a data breach is exceptionally costly–and maintaining your security is the most effective way to both decrease the potential for an incident and to be sure that you can minimize the cost if you are hit by an attack. By working with an experienced team of security professionals, you can provide higher-level security for your business and ensure that you’re in the right position to protect your company.