Last week I wrote about under-the-radar costs of data breaches. Today, I'm going to share research from the Ponemon Institute that shines even more light on the rising financial costs of data breaches.
Regardless of the size of your business, you are at risk of being hacked (or of an employee being careless or acting with criminal intent) and having confidential information stolen.
Before getting into the research, I'll simply point out that it's a better idea to pay attention to your network security BEFORE a data breach than to scramble afterwards. Also, there's no such thing as 100% security, but that's no excuse for not doing your best – or partnering with a managed IT services company for help.
Here are four quick stats from the research:
- $7.01 million is the average total cost of a data breach
- 7% increase in the total cost of a data breach
- $221 – the average cost per lost or stolen record
- 2% increase in cost per lost or stolen record
Here are the research results in a nutshell – overall, costs are rising.
Here's my recommendation in a nutshell – stop ignoring your data security (and, no, installing anti-virus software on all of your company computers isn't a security strategy).
Here are the seven global trends from the report.
- Since first conducting this research, the cost of a data breach has not fluctuated significantly. This suggests that it is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.
- The biggest financial consequence to organizations that experience a data breach is lost business. Following a data breach, organizations need to take steps to retain customers’ trust to reduce the long-term financial impact.
- Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record.
- Organizations recognize that the longer it takes to detect and contain a data breach the more costly it becomes to resolve. Over the years, detection and escalation costs in our research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain breaches.
- Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher than average rate of lost business and customers.
- Improvements in data governance programs will reduce the cost of data breach. Incident response plans, appointment of a CISO, employee training and awareness programs and a business continuity management strategy continue to result in cost savings.
- Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year’s study revealed a reduction in the cost when companies participated in threat sharing and deployed data loss prevention technologies.
Costs per breach are up.
The $221 average cost per compromised record is the highest since the first report 11 years ago. Indirect costs are $145 of this – including abnormal turnover and customer churn.
Regulated industries have higher data breach costs.
Intuitively, this makes a lot of sense. The cost per breach for healthcare ($402), life sciences ($301), and financial services ($264) is higher than the average.
Human error will cost you money.
Malicious or criminal attack is still “only” 50% of the root causes of data breaches – human error accounts for 23% and system glitches account for the remaining 27%. The upshot of this – investing in employee training on security can pay off. The per capita cost of a data breach caused by human error is $197 – training can help prevent at least some breaches.
The costs of churn can be high.
Financial and health industry companies are susceptible to the costs from abnormal churn rates (loss of customers). If you're in either of these industries, reduce costs of a data breach by focusing on customer retention and activities to buttress reputation and your brand's value.
Lost business costs are rising.
After a spike to a loss of $4.54 million in 2011, costs from lost business dropped to $3.01 million in 2012. However, they've steadily risen yearly to $3.97 million in 2016.
Even if your business' revenue isn't nearly as high as those in the Ponemon Institute's study, the results of a data breach will be as serious for your business as they are for any of those in the research.
Protect yourself. Hackers are out there – and as I've shared in other posts, SMBs are as at-risk as any other company.