Can a data breach really bankrupt your business?

If you’ve ever worked with an MSP (or read this blog), you’ve probably heard warnings about protecting yourself against data breaches. They’re dangerous, inconvenient and, above all else, costly. But saying one data breach can bankrupt your business isn’t gloom-and-doom hype – it’s the truth.

Calculating the overall cost of a breach

There are a number of factors that go into calculating the total cost of a data breach, so it can be challenging to come up with a particular price tag. However, the Ponemon Institute and IBM’s 2016 Data Breach Study establishes some general financial benchmarks.

According to their report, the total average cost of a breach is around $7 million, with each compromised record costing a company about $221. This $7 million figure can be broken down by categorizing costs as direct and indirect. The former includes any action taken to assist victims and minimize the effect of data loss (e.g. legal fees, ransom payments), while the latter includes reputation damage and resource time. Studies have shown that companies actually spend more on the indirect elements of a data breach.

What costs are associated with a breach?

When a business suffers a data breach, the long-lasting effects go beyond simply restoring or buying back lost data. Some of the most common direct and indirect costs include:

  • Loss of customers: Any widespread data breach results in loss of existing customers, as well as dissuasion of prospects – a large percentage of surveyed adults said they would not work with a business that has been breached.
  • Business disruption: This term encompasses lost revenue due to things like decreased employee productivity and business process failures.
  • Legal fees: Dealing with the fallout of a breach typically involves legal counsel, especially if class-action lawsuits are filed. Some companies have had to pay out upward of $10 million in the aftermath of a breach, not including legal fees.
  • Regulatory fines: Depending on your industry, you may face noncompliance fines levied by regulatory agencies such as the Federal Communications Commission (FCC) or the Federal Trade Commission (FTC).
  • Stolen revenue: If your network has been breached, there is a chance the hackers will gain direct access to your accounts.
  • Notification and public relations: 95% of states have legislation requiring companies to notify individuals of breaches involving personally identifiable information. Notification costs can include postal expenditures, email systems, inbound communication setup and resource time. Most companies also retain a PR agency to communicate with media, victims, stakeholders and employees.
  • Identity theft repair and monitoring: When a data breach occurs, businesses must fund follow-up actions to ensure the integrity of the victims’ identities, such as reissuing credit cards and paying for credit monitoring.

In short, one significant data breach is usually all it takes to bankrupt a small- to medium-sized business. There are a lot of things companies can do to protect themselves from data breaches: ensuring compliance, implementing encryption, installing thorough security packages with anti-virus software and firewalls, and, most importantly, providing user education. At MyITpros, we encourage all businesses to put together incident plans in case of a breach. Feel free to contact us today to discuss your security needs.
