We've written about security quite a bit – and our open house last month was focused on security topics.
As we bring more managed network services to you, we'll continue to focus on security issues – risk, cost, tips, etc.
Most business leaders we talk to understand, at least generally, that cybercriminals are on the prowl and that they could be at risk. Even in our personal lives, it's hard to block out the numerous TV and online ads we see daily.
But they – you – have a business to run and you're often focused on two things:
- What's it going to cost?
- What's it going to cost me if I don't do it?
I've written about the hidden costs of a data breach before (you can read that here).
Today I'll go over some of the factors that contribute to the total cost of a data breach.
You do need to know that it's going to cost you. How much will vary – particularly depending on the size of your business.
When looking up figures, millions of dollars are commonly cited because the focus is on large organizations. The Ponemon Institute gives an average data breach cost of $3.62 million in its 2017 Ponemon Cost of a Data Breach Study. That's for large businesses.
Kaspersky Lab research puts the average cost of a data security incident at $1.23 million (24% higher than the $992,000 average in 2017).
For SMBs, Kaspersky shows an even higher percentage increase for data breach costs – from $88,000 to $120,000.
I know, shocking – the larger the company the higher the cost. While the large average numbers for large businesses are eye-catching, the smaller figures are just as damaging, or more so, for SMBs.
Location and Industry
Different countries and industries have different regulatory requirements. Fines and other impacts from a data breach of similar data could differ depending on both of these factors.
Type of Data/Records Breached
Lose emails or addresses in a breach and the cost might not be large. The more sensitive the information – social security numbers, credit card or other payment information, health information – the higher the cost of the breach will be. A breach of health data could subject you to HIPAA-related fines. Lose credit card data and you could be required to provide free credit monitoring to affected customers.
Who Caused the Breach
Internal breaches are often less costly than a 3rd-party breach, UNLESS the internal breach was done on purpose.
If the breach disrupts or stops your operations, you'll lose revenue because you won't be able to sell product to customers. If you're a service-based business, an inability to perform services according to established SLAs will have direct costs too.
After the Breach – Investments
Once you've been breached, a review and possible upgrade of your network security infrastructure will take time, and will cost money if you decide to upgrade.
If you can't figure out the cause of the breach internally, you may need to bring in a 3rd party to figure out how you were breached.
Planning and Strategic Disruption
While a business' leadership is focused on the fallout of a data breach and minimizing the consequences, they aren't focused on improving the business and planning for the future.
Other costs could be halting a sale or merger of the business or even a class action lawsuit if a large enough number of customers had their data exposed.
Cybercriminals are out there, looking for an opportunity to steal data that they can use or sell. This is a serious threat that everyone needs to take seriously. A good first line of defense is a secure perimeter – your firewall, monitoring, and anti-virus tools. You don't have to manage your network yourself. Consider managed network services as a potential answer to the challenge of preventing a data breach.