Can a data breach really bankrupt your business?

August 18, 2017

If you’ve ever worked with an MSP (or read this blog), you’ve probably heard warnings about protecting yourself against data breaches. They’re dangerous, inconvenient and, above all else, costly. But saying one data breach can bankrupt your business isn’t gloom-and-doom hype – it’s the truth.

Calculating the overall cost of a breach

There are a number of factors that go into calculating the total cost of a data breach, so it can be challenging to come up with a particular price tag. However, the Ponemon Institute and IBM’s 2016 Data Breach Study establishes some general financial benchmarks.

According to their report, the total average cost of a breach is around $7 million, with each compromised record costing a company about $221. This $7 million figure can be broken down by categorizing costs as direct and indirect. The former includes any action taken to assist victims and minimize the effect of data loss (e.g. legal fees, ransom payments), while the latter includes reputation damage and resource time. Studies have shown that companies actually spend more on the indirect elements of a data breach.

What costs are associated with a breach?

When a business suffers a data breach, the long-lasting effects go beyond simply restoring or buying back lost data. Some of the most common direct and indirect costs include:

  • Loss of customers: Any widespread data breach results in loss of existing customers, as well as dissuasion of prospects – a large percentage of surveyed adults said they would not work with a business that has been breached.
  • Business disruption: This term encompasses lost revenue due to things like decreased employee productivity and business process failures.
  • Legal fees: Dealing with the fallout of a breach typically involves legal counsel, especially if class-action lawsuits are filed. Some companies have had to pay out upward of $10 million in the aftermath of a breach, not including legal fees.
  • Regulatory fines: Depending on your industry, you may face noncompliance fines levied by regulatory agencies such as the Federal Communications Commission (FCC) or the Federal Trade Commission (FTC).
  • Stolen revenue: If your network has been breached, there is a chance the hackers will gain direct access to your accounts.
  • Notification and public relations: 95% of states have legislation requiring companies to notify individuals of breaches involving personally identifiable information; meeting that requirement can involve postal expenditures, email systems, inbound communication setup and resource time. Most companies also retain a PR agency to communicate with media, victims, stakeholders and employees.
  • Identity theft repair and monitoring: When a data breach occurs, businesses must fund follow-up actions to ensure the integrity of the victims’ identities, such as reissuing credit cards and paying for credit monitoring.

In short, one significant data breach is usually all it takes to bankrupt a small- to medium-sized business. There are a lot of things companies can do to protect themselves from data breaches: ensuring compliance, implementing encryption, installing thorough security packages with anti-virus software and firewalls, and, most importantly, providing user education. At MyITpros, we encourage all businesses to put together incident plans in case of a breach. Feel free to contact us today to discuss your security needs.
