As security experts, you know firsthand that getting hacked is really expensive for your company. The average cost of a data breach hit a whopping $4 million this year, representing a 29% increase since 2013, according to a 2016 report from the Ponemon Institute and IBM.
Among the key findings reported:
- Data breaches cost the most in the U.S., at $223 per record on average, and in Germany, at $213. Brazil and India were the lowest at $100 and $61, respectively.
- The average cost of a data breach in the U.S. was $7.01 million. In India, a breach costs $1.6 million.
- Healthcare data breach costs were $355 per record on average, and education costs were $246. The public sector had the lowest data breach costs at $80 a record.
- 48% of breaches were caused by malicious and criminal attacks.
- Use of encryption and incident response teams cut data breach costs by $16 per record.
- How fast a company responds to a data breach affects costs.
However, many organizations are still shocked at how costly data breaches can be. To fully understand the increased cost of a data breach each year, let’s break down some of the most expensive aspects:
- Loss of customers – Of 2,000 adults interviewed in the United States in the study, 76% said they would move away from companies with a high record of data breaches.
- Business disruption – Business disruption accounts for 39% of total external costs, which include costs associated with business process failures and lost employee productivity. If a business were to get hacked during a busy season (for example, retail during the holiday season), this cost could affect more than half the business’s annual income that year.
- Regulatory fines and/or legal costs – Fines from the FTC (Federal Trade Commission), FCC (Federal Communications Commission) and HHS (Health and Human Services) are very common in large data breaches. Additionally, class action lawsuits by affected parties are usually filed within days of the breach becoming known.
- Public relations – At the core, a large data breach could affect your brand. PR will have immediate work to do to keep stakeholders informed, and will likely have additional breach-related tasks for years ahead.
- Direct financial loss – Once attackers breach your network, they may be able to obtain access to your financial accounts to wire money to accounts they control.
What does this all boil down to for you and your company? Basically, losses from security breaches should be seen as just another cost of doing business. Relative to all other risks a company may face, cyber risks are just another event on the list that should be taken seriously and prepared for.
Are you surprised by these findings? Is your company investing the appropriate time and money to protect against a data breach? Let us know your thoughts in the comments section below.