The internet has made it possible for small businesses to thrive using digital tools for marketing, payments, record-keeping, and more. However, that convenience comes with risks. The growing quantities of sensitive information stored online pose an immense responsibility and liability to the businesses that hold this data.
Unfortunately, bad actors trying to access valuable data are growing in both number and effort. The 2024 edition of Verizon’s Data Breach Investigations Report included over 10,000 confirmed data breaches, a record compared with previous years.
Data breaches are often extremely costly events for businesses. This column outlines some potential costs and risks of data breaches, along with suggestions to strengthen cybersecurity posture.
Who is at risk?
Any organization that possesses valuable data is potentially at risk for a data breach. Valuable data could mean customers’ personal information, like credit card details or medical records, or data that is private to the company, such as proprietary information or classified government documents.
Small and medium businesses may be particularly vulnerable to a data breach. Former commissioner of the U.S. Securities and Exchange Commission Luis Aguilar summed it up with this statement: “Small and medium businesses face precisely the same threat landscape that confronts larger organizations, but must do so with far fewer resources.”
What are the costs?
A data breach produces two broad categories of costs: direct, tangible costs and indirect, intangible costs. Data breaches can be especially devastating to smaller businesses, which may not have the resources to absorb the direct monetary costs of handling them. On the other hand, larger organizations may suffer millions of dollars in losses from indirect, intangible costs such as damaged investor relations.
Some examples of tangible data breach costs include:
Some potential intangible data breach costs include:
The annual Cost of a Data Breach Report sponsored by IBM and conducted by the Ponemon Institute found that the average cost of a data breach across organizations of all sizes in 2023 was $4.45 million. The cost for businesses with under 500 employees was not much better, at $3.31 million.
Ransomware has been a growing threat for businesses of all sizes. According to the Sophos State of Ransomware 2024 report, the median payment for a ransomware attack is $2 million.
Strengthen your cybersecurity posture
Regardless of your business’s size, cybersecurity is a critical risk management component in protecting your organization. According to the IBM/Ponemon report, organizations with extensive security AI and automation saved an average of $1.76 million, and they identified and contained breaches an average of 108 days sooner than their counterparts who weren’t automating their security efforts. The time factor is significant because containing a breach within 200 days can save $1.02 million in comparison to containment efforts that extend beyond 200 days.
Protect your firm
Forming an incident response plan, engaging a response team, and frequently testing for various breach scenarios will help to prepare your organization for a real cyberattack. According to the IBM/Ponemon report, using a development, security and operations (DevSecOps) approach that emphasizes IT security at every stage of the product lifecycle was the highest cost saver for businesses. Implementing practices such as employee training, incident response preparedness, encryption, and cyber insurance all helped to reduce the cost of a data breach.
The factor that drove up costs most significantly was the complexity of the security system. Therefore, the smart move for small businesses is to find all-in-one comprehensive security solutions, preferably with automation and AI assistance built in.
Businesses of any size, but particularly small businesses, should keep security in mind and consider working with a trusted provider to minimize the cost and disruption associated with data breaches.
Jaspher Respecio is manager of security operations at Hawaiian Telcom. Reach him at jaspher.respecio@hawaiiantel.com.
© Honolulu Star-Advertiser