We’ve all heard that when it comes to experiencing a data breach, the question is not if it will happen, but when. The odds are as high as 1 in 4. Therefore, organizations must understand the probability of being attacked, how it affects them and, even more importantly, which factors can reduce or increase the impact and cost of a data breach.

More than 50% of U.S. businesses experienced a cyber attack in the past year. The statistical trends suggest that companies of all sizes will continue to struggle with data breaches into 2018 and beyond. In the first half of 2017 alone, there were nearly 2 billion records lost or stolen in a breach…a 164% increase over the last six months of 2016.

You probably already know that breaches are expensive, but do you know exactly how much they cost?

Currently the largest data breach in history was on 3 billion Yahoo accounts in 2013-2014. This data breach cost Yahoo $350 million (the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $350 million), and doesn’t even include the standard issues used to calculate the costs of a data breach, such as remediation, loss of customers, business disruption, regulatory fines, legal costs, PR, notification costs and so on.

Cyber Criminals Don’t Discriminate

Big corporations aren’t the only target. According to the Verizon Data Breach Investigation Report, 61% of breaches hit smaller businesses last year, up from the previous year’s 53%. And according to the US government, cyber criminals simply go after vulnerable systems regardless of whom they belong to.

Cost of a Data Breach

Each report of a cyberattack can cost a small business tens of thousands of dollars, which means a small business with no insurance can end up in bankruptcy. This is likely the reason why 60 percent of small and medium-sized businesses fold within six months of a data breach, according to Inc.

The cost of a data breach is different for every organization, but between industry fines, forensic investigations, card replacements costs, and more—a data breach is expensive and typically a catastrophic event for a small business.

In the US alone, data breaches cost organizations an average of $225 per record compromised. Strictly regulated industries were subject to higher data breach costs, with healthcare footing the largest bill at $380 per record – this is more than double the global average of $141 per record across all industries. This is followed by financial services ($336 per capita), services ($274), life science ($264), and industrial ($259).

And, according to UPS Capital,

  • Cyber attacks cost small businesses between $84,000 and $148,000.
  • 60% of small businesses go out of business within six months of an attack.
  • 90% of small business don’t use any data protection at all for company and customer information.

Almost two-thirds of all cyberattacks are now directed at small business, people.

If you’re worried and curious about your business, IBM has a data breach calculator that will help you explore the impact a breach will have on your business, based on your risk factors.

Additional Costs

A breach isn’t just damaging in terms of the fines you might have to pay. There are many other factors that cost your business money, including:

Disrupted Productivity

In 2016, it took an average of 62 days from intrusion for a company to detect and remediate the breach, according to Statista. That’s almost two months of lost productivity as you worry about the legal, technical, and financial ramifications of the breach.

Lost Customers

When customers learn that a business has been compromised, they tend to stay away. This opportunity cost is enormous. The average company in the US suffers $4.13 million in lost business from customers avoiding it after a breach, and, according to Business Insider, 76% of people said they would move away from companies with a high record of data breaches.

Reputation Damage

Obviously, a breach is detrimental to an organization’s brand and reputation. For larger companies, a PR firm is needed to mend relations via the media, and keep customers and stakeholders informed in the aftermath of the breach, all costing you money.

How do you prevent data breaches?

There isn’t an ecommerce business in the world that doesn’t collect and store personal information about customers. That’s why theft and loss of private information is on the rise—these are attractive targets.

All businesses, regardless of size, should take the necessary precautions to prevent a data breach. Here are some tips to help minimize the risk of a data breach, and what you can do to protect your business.

Secure All Computers: Require password protection for all computers and the use of strong passwords that must be changed on a regular basis. Also, don’t store your personal information on a computer that is connected to the internet unless it’s necessary for your business.

Keep All Software Up-To-Date: Use firewalls, PCI and scanning services, anti-virus and anti-spyware software and make sure they are all up-to-date on a daily basis.

Educate & Train Employees: Establish a written policy about privacy and data security and communicate it to all employees. Make sure your employees know which types of information are sensitive or confidential and what their responsibilities are to protect that data.

81% of hacking-related breaches leveraged either stolen and/or weak passwords.”
– Verizon Data Breach Investigations Report, 2017

Data Breach Insurance: Data breach insurance and cyber liability insurance help protect you in the event of a data breach. These services can help cover costs involved, including fines and assessments, credit monitoring, hardware upgrades, forensic exams and more depending on the coverage you choose. Getting data breach coverage is important because quick action is imperative to help restore both your reputation and your business after it has been damaged by a cyber attack.

In Closing

When it comes to data breaches in today’s fast-paced tech-everything society, the odds are stacked against any business, especially those who are operating in regulated industries. For those organizations leaving themselves vulnerable to an attack, it seems it is no longer a case of if a breach will happen, but rather when a breach will happen.

What should you do if you become the victim of a breach or attack? We have these recommendations:

  • Act immediately. Contact your IT team, legal counsel and cyber liability insurance agent.
  • Contain the breach. Take affected systems offline, but don’t turn them off. That’s so your IT team can examine the source of the breach.
  • Document every step. Authorities will need to know these details.
  • Communicate clearly. Ensure affected groups are made aware of the issue and the steps being taken.

For more information on our data security products you can email us at info@cpjsolutions.com.