How Much Does a Data Breach Cost?
In the United States, the frequency of data breaches has increased ten-fold over the past 16 years. The average number of records exposed annually has doubled from around 95 million from 2005-2009 to just over 200 million from 2016-2020 (Johnson, 2021). While the internet offers an undeniable convenience in our digital society, the growing quantities of sensitive information stored online pose an immense responsibility and liability to entrusted businesses that hold this data.
Data breaches are often extremely costly events for businesses. This article aims to provide an overview of potential costs and risks of data breaches, along with suggested services from CBTS Hawaiian Telcom to help your business strengthen its cyber security posture.
Who is at Risk of a Data Breach?
Any organization that possesses valuable data, from personal information like credit card data or medical records, to classified government documents and company proprietary information are potentially at risk of a data breach. Verizon’s 2021 Data Breach Investigations Report states that “financially motivated attacks continue to be the most common, likewise, actors categorized as organized crime continue to be number one.”
Verizon’s 2021 Data Breach Investigations Report also highlights how small organizations are facing increased risk, as “last year, small organizations accounted for less than half the number of breaches that large organizations showed. This year these two are less far apart with 307 breaches in large and 263 breaches in small organizations.” A statement from the U.S. Securities and Exchange Commissioner provides a simple reason for the trend:
“Small and medium businesses face precisely the same threat landscape that confronts larger organizations, but must do so with far fewer resources”.
Data breaches still pose a major threat to larger organizations who tend to possess high-value confidential data, or millions of client information records.
What are the Costs of a Data Breach?
There are two broad categories of costs; direct, tangible costs, and indirect, intangible costs. For example, data breaches can be especially devastating to smaller businesses as they may not have the resources to recover from direct monetary costs needed to handle them. On the other hand, larger organizations may suffer millions of dollars in losses from indirect, intangible costs such as damaged investor relations.
The annual Cost of a Data Breach Report sponsored by IBM and conducted by the Ponemon Institute found that the average cost of a data breach in 2020 is $3.86 million USD. Data breaches also have substantial downstream effects, where an average of 39% of costs are incurred beyond the first year following a breach. Ransomware has been a growing threat for small businesses. According to Sophos report an average ransom payment for 100-1,000 employee organizations was $107,694 in 2020.
Some examples of tangible data breach costs include:
- Monetary theft
- Remediation and system repair
- Regulatory and compliance fines
- Legal and public relations fees
- Notification, identity theft repair and credit monitoring for affected parties
- Increase in insurance premium
Some potential intangible data breach costs include:
- Business disruption and downtime
- Loss of business or customers
- Loss of intellectual property or competitive advantage
- Damage to company credibility, brand and reputation
Why Should you Strengthen Your Cybersecurity Posture?
Regardless of your business’ size, cybersecurity is a critical risk management component in protecting your organization. Organizations with fully deployed security automation saved an average of $3.58 million USD, and those with incident response teams who tested their response plans saved $2 million USD compared to organizations with no security automation or response team. Moreover, containing a breach within 200 days can to save approximately $1 million USD in comparison to containment efforts that extend beyond 200 days.
How Can You Protect Your Organization?
Forming an incident response plan, response team and frequently testing for various breach scenarios will help to prepare your organization for a real cyberattack. According to IBM and the Ponemon Institute’s 2020 report, incident response preparedness was the highest cost saver for businesses. Implementing practices such as encryption, employee training and cyber insurance, all helped to reduce the cost of a data breach.
As many organizations have shifted to providing their employees the ability to work remotely, cybersecurity training and endpoint security have become even more vital in protecting assets from access points outside the organization’s physical boundaries.
Want to learn more or not sure where to start? Our experts at CBTS Hawaiian Telcom are here to help you develop a custom cybersecurity solution that meets your needs. Get in touch with us and find more stress-free cybersecurity solutions on our website.