Posted on May 25, 2020 by Rob May
Business owners all over need to consider the cost of a data breach when deciding on a cybersecurity framework. There are a number of aspects that must be taken into account; not only the monetary cost but also that from the loss of credibility and respect from stakeholders. The total cost can vastly differ depending on the size of the company and the implications of the breach. Read on for an insight into everything involved, and the estimated average cost of a data breach.
Researchers at IBM looked at global data breaches between April 2018 and April 2019 and determined that the average total cost of a data breach to a company is a massive $3.92 million USD (£3.05 million). The report also stated that the US had the highest country average cost of a data breach, at $8.19 million (£6.36 million), and that the highest costs were found in the healthcare sector.
To get to this cost, the researchers took into account all the monetary losses that could occur in four different areas:
This relates to any processes that a business has in place to detect and report a data breach, from auditing services to investigation time.
This covers the costs involved with highlighting the problem to those affected, such as making phone calls or sending letters to customers whose data has been compromised.
This means all costs incurred in response to the event, including all kinds of reparations to customers such as free gifts or discounts, all communication, and legal advice.
Data breaches usually involve a significant amount of disruption, potentially including business downtime. These can often lead to a loss of revenue and loss of customers.
When a business suffers a data breach there can be catastrophic consequences, which smaller businesses, in particular, might struggle to recover from. Even after making it through financial turmoil, it can be extremely difficult to rebuild a business reputation that can attract new customers.
Once confidence has been lost in a company, such as if customer data has been leaked, not only are those customers likely to leave but new customers are likely to be put off for fear that their information is not safe.
It’s not only the relationships with customers that business owners need to be aware of if they experience a data breach. Another unforeseen cost of a data breach can be the negative consequences with other stakeholders, including staff and investors.
Depending on the type of incident, staff details could also have been leaked. This is likely to cause a sense of anxiety and unrest among employees, which could lead to people leaving or no longer applying 100% of effort into their work.
A data breach can also cause investors to lose faith in the business, simply because such an event demonstrates vulnerabilities. A study in 2017 by Oxford Economics found that public companies’ share value dropped by an average of 1.8% following a serious breach. Lloyds of London also claimed that a major cyber attack – such as Wannacry that infamously crippled the NHS – could trigger average economic losses of £41bn. This is akin to the costs of a natural disaster.
According to research carried out by Hiscox insurance company, there are an estimated 65,000 attempted cyber attacks against UK small businesses every day. The reason for this is that SMEs are known to have a lower budget for IT and cybersecurity; a fact which cybercriminals exploit.
Because SMEs have less-secure digital systems, they are more likely to be targeted. The effects of a cyberattack on an SME can be far more damaging than on a large-scale business, simply because they have a much lower budget to tackle the problems that data breaches cause.
When determining the average cost of a data breach, consideration needs to go to sales, customer relations, market reputation and ultimately a business’s bottom line. These are all intangible costs that are incurred in addition to the very real costs of legal services, regulatory fines, cyber consultants, new hardware software, and training. To avoid ever having to contend with the costs of a data breach, get the cybersecurity services you need from ramsac. We provide expert consultation, advice and support, audits and training.
Rob May is our Managing Director and is also a renowned cybersecurity expert. He is the Ambassador for Cybersecurity for the Institute of Directors in the South of England. He is a successful TEDx speaker, published author and international keynote speaker on the subject.
Download our eguide - Cybersecurity: the basics