The number and frequency of data breaches is at an all time high. In 2018 billions of records, from companies of all sizes, were compromised. According to the 2018 Cost of a Data Breach study from IBM and Ponemon Institute, data breaches cost $3.86 million dollars globally. For the first time, the study also looked at the hidden costs of data breaches—lost business, employee time spent on recovery, and damage to reputation. These are difficult to calculate, but could be the deciding factor for some businesses on whether to keep the doors open. Let’s learn more about these hidden costs.
What Is the Average Cost of a Data Breach?
The global average cost of a data breach has risen 6.4 percent since 2017. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to $148. Yes, $148 for each lost or stolen record that is compromised.
Hidden Costs Could Be the Worst Part of Data Breaches
Data breach costs that aren’t immediately visible are felt long after the breach has occurred and can be the most detrimental to businesses. The study found that one-third of the cost of “mega breaches” (over 1 million lost records) were derived from lost business.
Although publicized breaches often report losses in the millions, they use numbers that are highly variable, focused on specific, easy to measure, costs. According to Wendi Whitmore of IBM, “The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
These hidden costs are difficult to define and measure when it comes to the losses suffered. The Ponemon study examined factors that increase or decrease the cost of a breach, and they found that costs are heavily impacted by the amount of time spent containing a data breach and the company’s technology investments.
According to the study, the average time it takes to identify a data breach was 197 days. The average time required to contain a data breach, once identified, was 69 days. Companies that were able to contain a breach in less than 30 days saved well over $1 million compared to those that took more than 30 days.
It’s almost impossible to properly calculate how much lost business or a hit to your reputation would cost. However, adding in those costs, mixed with the amount saved by acting quickly, it’s safe to say that these hidden costs are one of the worst costs of a data breach.
How to Combat the Hidden Costs of a Data Breach
Despite all the tough stats about the financial impact of a data breach, there is a way to combat the hidden costs. In the same way you can avoid data breaches from occurring, having a plan in place in the event of a breach, and using the technology available to your business, can decrease the amount such an incident costs your business.
The Ponemon study also examined the effectiveness of security automation tools such as artificial intelligence for the first time this year. According to the study, organizations that have deployed automation security technologies saved over $1.5 million on the total cost of a breach, $2.88 million, compared to $4.43 million for those who had not deployed security automation. The use of an AI platform for cybersecurity reduced the cost by $8 per lost or stolen record.
It wasn’t just technology that was reported to have helped combat these hidden costs. Having an incident response team was the top savings factor, reducing the cost by $14 per compromised record. But what does an incident response team actually do?
According to Infosec Institute, an incident response team is involved in “developing an incident response policy and plan, creating formal procedures for performing incident handling and reporting, determining the necessary guidelines for communicating with outside parties both internal and external and defining the response team structure and required training.”
Businesses looking to decrease their chances of a data breach costing them more than they’re prepared for can also provide security awareness training for employees to help protect their data from the inside out. Cybersecurity training is critical, from instruction on the importance of using secure passwords to instruction on how to protect critical data files. Whether small business or large corporation, your business is at stake. Start preparing yourself for a breach now by understanding the hidden costs and how your business can up its security game.
The original version of this article was first published on Inspired eLearning.
Creator of brilliant content and engaging emails.