The Cost of a Data Breach: What’s Really at Stake?

The cost of a data breach can vary greatly between organizations depending on numerous factors like industry, size or geographic location, but the average global cost is reported to be $3.86 Million USD. That is an alarming number for any company, but particularly terrifying for small to mid-sized businesses. Especially considering that the majority of attacks target the SMB market and 60% of those compromised fold within 6 months of an attack.

When you’re assessing the potential risks, overall impact and cost of a data breach, there is far more to consider than expenses tied to remediation and recovery. Organizations need to consider multiple factors that have both short and longer term impacts — some of which are more difficult to quantify than others.  If you haven’t gone below the surface layer to assess what’s actually at stake when it comes to a data breach, here is a short list you can use to break down the most consequential financial impacts and get a better sense of just how much you’re really risking.

Business Disruption. The costs tied to business disruptions will vary depending on the nature of the business, and severity of the disruption. According to a recent Cisco benchmark study, 40% of mid-market companies with 250-499 employees “experienced eight hours or more of system downtime due to a severe security breach in the past year.”

How would your business be impacted if your systems were down for eight or more hours?

Business and Revenue Loss. Across all industry sectors, loss of business has been the biggest breach cost for the past 5 years, which now costs businesses an average of $1.42 million or 36% of their total breach cost.

How would your business recover from a sudden and significant revenue drop?

Information Loss. The vast majority of data breaches are executed with the goal of intelligence gathering or taking data — competitive strategies, proprietary data, product designs and other valuable intellectual property.

What would it cost your business if your competitors had access to all of your proprietary data, trade secrets and intellectual property?

Brand Reputation. Branding can be equated to how much a customer trusts and organization.  “It takes 20 years to build a reputation and five minutes to ruin it” — Warren Buffett. In the wake of the Equifax data breach in 2017, as many as 40% of credit card holders did not trust the company with financial information. The lack of trust can also influence investors. Companies experienced an average stock price decline of 5% immediately following disclosure of a breach.

How much would it cost to rebuild or restore your brand reputation?

Other Costs. The list of financial repercussions after a data breach is long. In addition to the upfront costs, companies are hit with legal fees, PR expenses, hikes in insurance premiums, regulatory fines and more. Worse, these costs can extend well beyond the first year after a breach. Equifax, for example, was recently hit with a downgraded status from ‘stable’ to ‘negative’ as a result of escalating litigation and regulatory costs related to the 2017 data breach, combined with the company’s decision to invest in cybersecurity spending — factors predicted to hurt the company’s profitability, hinder its free cash flow and weakening its financial strength.

How much free cash flow does your company need in order to withstand the short and long terms costs resulting from an attack without going under?

Reports vary, but it is often reported that organizations have a 20% – 25% chance of suffering a data breach within the next year or two. Considering the weight of all the different factors listed above coupled with those odds, companies that aren’t proactively taking preventative actions are putting themselves at risk. If, after considering the impact of all these factors, your strategy remains to operate in denial or just cross your fingers and hope you don’t become the next statistic…“May the odds be ever in your favor.”