What is the actual cost of a data breach?



Technology has drastically transformed the way business is done. The benefits cannot be ignored because tech offers the amazing capacity to decrease costs, along with boosting efficiency and productivity. 

Although there are numerous benefits associated with integrating tech, it’s important for decision-makers to remember that with those benefits come additional levels of responsibility for businesses.

Today's organizations collect, process, and store records in digital format, which creates a huge level of vulnerability. Unless proper and proactive precautions are taken, records can be lost through hacking, theft of equipment, loss of devices, or simply through human error.

When the costs of a data breach are discussed, most people begin to calculate the financial costs associated with fixing the mess. While there are indeed many financial costs connected with a data breach, there are other costs the business that has been breached will absorb as well.

When considering the actual costs of a data breach, it’s important to factor in all tangible and intangible costs associated with the security breach.

Financial costs 

According to Network World, a data breach in 2006 would have cost a company $5 million, or $182 per record, in financial damages. Statistics in 2008 indicated the average cost of a data breach increased to about $197 (U.S. dollars) per record. However, over the years, additional studies indicate it has been hard to nail down an actual figure.

Fast forward to 2015 and many massive data breaches have occurred. This year, Verizon and Ponemon Institute/IBM each contributed a report. Analysts have better identified actual figures based on data rather than estimates. Costs per record appear to be lower than those identified in earlier years; however, the number of incidents and the methods used by cybercriminals continue to rise, increasing the costs.

Past breach history indicates many of the exploits that occurred annually were due to stolen or lost laptops, PDAs, and other portable devices. Today most data breaches are associated with POS attacks, crimeware and cyber-espionage, adding to the increased risk of mobile breaches. There are other factors involved which can shift the cause behind a breach, but either way, it boils down to the root cause involving the actions of people.

When a breach occurs, there is a lot of cash to shell out to deal with the immediate aftermath of a data breach. However, the costs go far beyond the immediate. There are other long-term costs to think about, and these are harder to pin down.

Security experts generally hold the opinion it is less costly to put proper defenses in place vs. dealing with an exploit. There are a lot of factors that are likely not known or fully considered when trying to calculate the true cost of a data breach. Here is a brief overview.

Impact on a company's brand reputation
The true impact of a breach on a company's reputation is hard to measure. Since brand reputation is one of the most valuable assets a business can possess, this is a good motivator for businesses to carefully protect data.

While immediate expenses associated with a data breach are easier to calculate, it’s much harder to quantify the long-term damages a company can experience. Once security is broken and a company is identified as losing a large amount of data and/or being careless with security, this impacts the trust people had in the company.

If people don't trust their PII (personally identifying information) with a brand, they’ll be less likely to purchase from the business in the future. If consumers or B2Bs no longer want to associate with the brand, this may have a devastating long-term effect on the business, making them lose their competitive advantage or perhaps even affect their ability to turn a profit.

Impact on future profits

After a breach, it’s likely that, in addition to the money that will need to be paid out in order to cover legal, notification, heightened security and other breach associated fees, businesses will need to be concerned over future profits.

If the population's trust in a business is destroyed, a company may experience difficulty regaining the faith of its customers or clients, or attracting new ones. It’s hard for many companies to face the challenge of gaining public trust once the business becomes known as one that compromised sensitive records.

In addition, it may be difficult to forge partnerships with other businesses because they may be inclined to shy away from being associated with a company with a sullied reputation. This aspect further impacts the potential for the company to increase future profits.

Increase or modification to existing security measures
Another cost associated with a data breach is the fact that the organization has to revisit standard operations policy and examine physical security measures to see how these can be improved. Once vulnerabilities are identified, these will need to be fixed to prevent additional breaches. 

Unfortunately, it is common for a level of complacency to be present in organizations until a breach actually occurs, so companies may have to "undo" previously established habits and procedures. This entails retraining and modification of policies, which also carries a cost.
The best preventative is to be prepared for a breach and create specific protocols and put in place protective policies, tools and constraints to protect data; then the risk is significantly lowered.
Laws are evolving to illustrate this by adding accountability in terms of legal processes which must be followed in the event of a data breach. It remains to be seen just how this will affect organizations in the future as more governments visit these kinds of regulatory constraints which also will carry a cost. Think of the expenses associated with HIPAA, SOX, and other similar laws.

Times are changing

Long gone are the days where the primary risk was having an office broken into and files stolen from desks. Today's records are stored on servers, either locally or on the cloud. The use of mobile and BYOD further adds to the risk. Any thief can try to intercept records from remote locations in order to gain access to valued sensitive information.

As networks, computers, and mobile devices have continued to expand, the potential for a data breach has increased along with them. This is a primary reason why a higher level of responsibility falls on those who manage this data and those holding the purse strings. It is imperative in today's environment to take precautions in order to avoid a data breach. It's an issue that cannot be ignored.

Data breaches are costly in many ways including financial, reputation, assets, legal costs and new preventatives. While these are high costs, unfortunately those who have been affected by their personal records being exposed are ultimately paying a high price. Just ask those involved in some of the major hacks over the last few years. 

Even with the strongest of efforts to safeguard data, nothing is 100 percent secure. But to ignore it? That's just begging for trouble.
