Data Breach Cost: A Breach Will Probably Cost More Than You Think
Every single lost or stolen record containing confidential data could cost your business at least $154 this year, according to the 2015 Cost of Data Breach Study. The study also showed that the average total cost of a data breach is $3.79 million globally.
How did it determine the data breach cost?
The Ponemon Institute, which has been doing the survey since 2005, used a mathematical formula that tallied direct and indirect expenses such as hiring forensic experts, setting up hotlines and credit monitoring services, in-house investigations and communications, and it factored in customer loss as well.
Of course, “the financial burden isn’t the only cost that your company faces when a breach occurs,” said writer Tom Pendergast in a mediapro.com story.
Here is a look at the different costs – and factors – of a data breach.
DETECTION AND ESCALATION: When a breach occurs, forensic and investigative activities, assessment and audit services, and crisis team management and internal communications are necessary, and those costs add up to almost $1 million in the Ponemon study. In a recent blog, security solutions company Vitrium estimated that depending on the size of the company, forensic services and damage control fees alone can each cost from $10,000 to over $100,000.
TRADE SECRETS: Vitrium estimated that the loss of intellectual property or trade secrets could result in a 0.5% to 2% loss of market share.
LOST BUSINESS: The Ponemon study showed lost business cost $1.57 million (of the $3.79 million total cost of a data breach) and attributed it to abnormal turnover of customers, increased customer acquisition activities and reputation losses. Basically, when a company experiences a data breach, old customers leave, and new and potential customers stay away. Vitrium estimated that a breach can result in the loss of 10% of revenue for a small company, 20% for medium, and 30-50% for large companies.
INFRASTRUCTURE: Following a breach, a company may have to repair and re-build internal systems.
LAWYERS: Legal costs can range from tens of thousands to over $100,000 for large companies.
OTHER FACTORS: A data breach due to malicious or criminal attacks costs more than one caused by system glitches or human error: $170 compared to $142 and $137. Also, data breaches that occur in the U.S. cost the most in the world – at $217 per record. Breaches in heavily regulated industries also cost more. A healthcare industry breach, for example, can cost $363 per record – compared to the average global cost of $154.
What’s really important in terms of safeguarding confidential information and reducing data breach risk is to realize that it’s an enterprise-wide issue, wrote Larry Ponemon in an online article, not just a technology problem.
Every organization should have a data breach plan in place that covers everything from developing a strong security awareness training program to adhering to a document management policy that protects information from creation to disposal.
To reduce data breach risk, partner with a reliable shredding company that provides locked consoles for the workplace, on- or off-site destruction services, and a certificate of destruction after every shred.