When contemplating a cybersecurity framework for a business, it’s vital that company owners consider what the true cost of a data breach would be to them. Only then is it possible to determine how much time, attention, and money should be spent on cybersecurity.
The cost of a data breach refers not only to the monetary value of such an incident, but also to the implications regarding loss of respect and credibility as a business. A severe data breach can be hugely detrimental to a company, particularly where stakeholders are concerned.
The financial cost of a data breach
After analysing data breaches that happened across the world between April 2018 and April 2019, researchers at IBM reported that the average total cost of a data breach to a business is a phenomenal $3.92 million. They also found that companies in the US had the highest average cost of all countries, at around $8.19 million. To reach these figures, the researchers considered the monetary losses that were incurred in the four areas involved in a data breach:
- Detection and escalation – this refers to any costs resulting from detecting and reporting a cybersecurity incident, such as auditing and investigation.
- Notification – this aspect includes the financial cost of having to notify people of the incident, such as time spent making calls or writing letters to customers.
- Response – this relates to the costs involved with the company’s response to the breach. This could be anything from legal advice to free gifts and discounts for customers.
- Business losses – when a breach occurs, it will usually cause disruption and even downtime to a business. This area relates to the loss of revenue experienced as a result.
The cost of losing credibility
Even when a business can make it through the financial difficulties that are associated with a data breach, sadly there are still further problems to contend with. When a business suffers from a cybersecurity incident, this can often deter new and even existing customers, who feel that their personal information is not in safe hands with the company. For small businesses in particular, this damaged reputation can be extremely hard, or even impossible, to recover from.
Rebuilding a business reputation is vital in order to attract new customers, and keep existing clients on the books. After a breach, these stakeholders need to know that the business has taken the incident seriously, and is doing as much as possible to guarantee the protection of sensitive information going forwards.
Damaged stakeholder relationships
As customers lose faith in a business after a data breach, so may other stakeholders – including investors and employees. The cost of these damaged relationships can also be profound, as these individuals, who are imperative to the business’s existence, may seek to part ways.
A data breach can lead to discontentment, or even the departure, of employees – particularly if it was their personal information that was leaked. Such an incident will certainly lead to doubt and anxiety, causing employees to be distrustful of the employer. The publicity of such a data leak is also likely to put off potential new recruits in the future.
Where investors are concerned, many are likely to lose faith in the company simply because a breach has been allowed to happen. This is because a data breach demonstrates that the business is vulnerable, and ill-prepared for cyber-attacks. In 2017, Oxford Economics carried out a study which revealed that after a breach, the value of a company’s shares fell by an average of 1.8%.
What is the overall average cost of a data breach?
Taking into account the financial, credibility, and relationship implications of a data breach, it’s clear that the cost of this kind of incident can be severely damaging. For SMEs in particular, which may have a small budget and therefore less of a defence against cybercrime, the costs can even lead to bankruptcy. Sadly, cybercriminals are all too aware of this, and are often known to target smaller businesses.
The true cost of a data breach will entirely depend on the nature of the attack, and the damage it has caused. Different cybercriminals want different things, and while the overall goal is usually financial, this cost may not always be crippling. Many companies find that the damage a breach causes to their reputation is actually more detrimental than the immediate monetary costs involved.
The best defence against a data breach is to put in place adequate shields against cybercrime before a breach happens. This should include the use of quality security software, data encryption, and staff education about staying protected online.