by Robert Best on July 17, 2019
Data breaches are expensive. You might have read plenty of good advice on the importance of avoiding a data breach or about the cost of one. You might have held off following that advice because the solutions are expensive, or because you believe a data breach isn't something that will happen to your business.

However, a data breach will always be more expensive than the solutions put in place to stop it.

There are obvious costs such as fines or putting new security in place. However, there are also many hidden costs, and it's these costs that make a data breach expensive to a business.

In this article, we will look at a recent report that has helped outline an accurate cost of a data breach to a business.

The real cost of a data breach

The Ponemon Institute specialises in research into data protection and emerging IT. In association with IBM, they created a global study into the cost of a data breach to a business.

Before we look at the true cost of a data breach, I want to highlight a few key findings from the report.

Firstly, the overall average cost per data breach increased by nearly 7 per cent (6.6%) compared to last year. So the average cost to each business hit by a data breach is increasing.

Secondly, the report found that the Health industry had the highest average cost per data breach. Financial and services came second and third. The financial sector is also the most frequently affected by data breaches.

Being the industry most frequently affected by data breaches, and the second most costly on average, is terrible news for financial firms. It makes it even more critical that their IT security is doing what it should, and that they have a comprehensive disaster recovery plan in case of a breach.

The final interesting finding I'd like to mention is the common root causes of a data breach. The most common is a malicious or criminal attack (48%), but over one-quarter of all data breaches are because of human error (27%). With the right training and the right IT support in place, that number can be reduced.

What to consider to work out the true cost of a data breach

The report highlights four main types of cost that help you work out the real cost of a data breach.

Data breach detection and response

The faster the data breach can be identified and contained, the lower the costs. Globally, the UK has the 3rd fastest response time in detecting a breach, but that still averages out at 163 days. Imagine how much of your business's data could be breached in 163 days.

Data breaches that take over 100 days to be identified are on average 35 per cent more expensive than those discovered in under 100 days.

When calculating the cost, consider if your business would have to outsource extra resources to detect a data breach.

Once a data breach has been detected, the time it takes to contain the data breach (from fixing the cause of the breach through to making it right with your customers) also affects the total cost. Data breaches that take longer than 30 days to contain are 38 per cent more expensive than ones that take less than 30 days.

Communication costs

Many businesses will fail to consider the cost of communicating to their customers about the data breach. There are labour costs for creating communications, such as letters, emails, and phone calls. Do you need a third party to handle receiving replies or calls from customers?

Also, remember to include the costs of contacting data protection regulators and other compliance regulators within your industry.

Lost business and reputation

People have read enough about data breaches to know how serious they are. Even a brand as big as Facebook has lost customers over their recent breaches of data.

Whether the data is sensitive or not, customers will not be happy, so expect to suffer a loss of business. A data breach will affect your ability to retain customers and also to find NEW customers. A poor reputation can go as far as to shut a business down.


After all the costs we have already spoken about, a data breach can lead to penalties from regulators. Fines will vary depending on the severity of the violation and also your industry. This is one of the reasons the cost of a data breach is much higher in the finance industry. They have many more regulators and compliance requirements to follow, so when there is a data breach, that will mean more fines.


A data breach will not cost your business millions of pounds, but it will be expensive. Identifying the source, improving security, making things right with customers and clients, and the potential of being fined all increase the cost.

That cost will be higher than investing in the tools and services that will help prevent breaches. For more information on how you can protect your business from a data breach or help with what to do after a data breach has happened, get in touch. Contact us here, email or call us on 01634 52 52 52

