The costs of a data breach can be huge. You stand to lose customers’ respect and the board’s confidence, and to suffer damage to your organization’s reputation. Oh, and did we mention $4 million on average?
For many companies, that could be the difference between a profitable year and an unprofitable one – or even staying in business at all. But according to research from IBM and the Ponemon Institute as part of the 2016 Cost of a Data Breach survey, that’s the average loss from one of these incidents.
Costs keep rising
Last year, the average cost of a data breach was $3.79 million, meaning there was a $210,000 rise in the cost in one year alone. Since 2013, data breaches have become 29% more costly.
It’s understandable why these events are so costly when you consider the sheer number of records that can be breached in a single incident. On average, 29,611 records were breached per incident in the United States in 2016.
And there was definitely a strong correlation between the costs of attacks and the size of the incident. If more than 50,000 records were affected, the average cost was $6.7 million. If fewer than 10,000 records were affected, the average was a mere $2.1 million.
But before you go blaming cyberattacks and hackers, know that cybercrime isn’t always to blame. Only 48% of breaches were the result of IT security threats, while 27% were system glitches and 25% were human error.
If these breaches resulted from cyberattacks, however, the costs were likely significantly higher. The cost per capita was $170 for these attacks, but only $138 for system glitches and $133 for human error.
Direct and indirect costs
As stated earlier, there are many factors that make data breaches expensive. Not only do you need to invest money to discover and fix the incident and to prevent future ones, you may also see losses as a result of the breach.
The report breaks down these direct costs (such as hiring communication experts, forensic experts, legal teams, etc.) and indirect costs (things like the time your organization spends recovering that could otherwise be put to different tasks, loss of goodwill or reputation and customer churn).
Perhaps surprisingly, the direct costs of a data breach per capita in the U.S. were significantly lower than the indirect – 34% compared to 66%. This shows that the real harm of a data breach may not be the recovery from the incident itself, but rather the effort that needs to be undertaken in order to get back to where your organization once stood.
Take it to the board
You’ll likely want to make these ever-rising risks known to your board members. If the dollar figures don’t get their attention, the loss of competitive edge from a data breach certainly may.
It’s also a good reminder that nowadays, IT is a key cog in protecting your bottom line — its role is tied completely to your ability to remain competitive and profitable, and a breach certainly puts that at risk.
Best bet: Explain that even if a breach isn’t certain, it’s a good bet your company will encounter one at some point. And every dollar invested in that possibility now could save you considerable time and money should the worst ever happen.