Data breaches are not a new phenomenon; they’ve been around for a long time. That being said, they’re certainly on the rise at the moment, and the costs for companies dealing with the fallout of a data breach continue to grow.
Technology and the use of the internet have grown vastly in recent times, yet companies continually lack decent security while making more and more use of digital technology. It’s a backwards concept when you think about it. You’d want to install a quality house alarm if you started collecting rare and expensive memorabilia, as an example.
So, how much does a data breach cost?
What costs are involved?
The cost of a data breach doesn’t just stem from a financial penalty. It may also encompass the actions that certain companies and organisations take post-breach, e.g. hiring a security company to max out their cybersecurity, further training of staff, or investing in other data protection measures that may prevent further data breaches.
The cost of a data breach can also depend on the sector or industry. According to the Huffington Post, the threat to companies, government agencies and research institutions is higher as they’re often dealing with ‘highly confidential information’. The same could also be said for medical institutions, as medical records are commonly referred to as ‘treasure troves’ due to the nature of the data.
This isn’t to say that any single user’s information isn’t considered private or confidential. But when information that is categorically considered sensitive, such as legal matters, regulatory affairs, intellectual property protection etc., is breached (either accidentally lost or stolen), the company or organisation may be hit with a considerable fine.
Research into the costs
DocEx, a solution for the distribution of enterprise-class information, notes that “[in the U.S.] the average cost per incident of insider fraud is $412,000 (£314,000) and the average loss per industry is $15 million (£12 million) over a decade. In several instances, damages reached more than $1 billion (£762 million).”
This is a substantial amount of money for any company or organisation. Those fines could cripple a company…
There’s a case to argue that the situation isn’t far off that in Europe. On 25th May 2018 the EU General Data Protection Regulation (GDPR) will impose very severe monetary penalties, i.e. 4% of the company’s global annual turnover. This could be a devastating blow for both big and small companies. For a huge corporation, the fines could amount to millions or billions. For a small company, this could mean a huge knock to their reputation and livelihood, in addition to their finances.
Historic data breaches
Let’s not forget the most notorious data breaches of the past few years. Had the GDPR been in force at the time of Yahoo’s infamous 2014/15 data breach, it could’ve landed them with a whopping fine of $198 million (£151 million), as their 2015 revenue totalled $4.9 billion (£3.7 billion).
Time for companies and organisations to see the real cost
According to the 2016 Data Breach Study that was undertaken by the Ponemon Institute and IBM, the average cost of a data breach involving 10,000 records amounted to around $5 million (£3.8 million). An average breach of more than 50,000 records amounted to around $13 million (£9.9 million).
Upon review of these figures, you can see that we’re not dealing with loose change. It’s time that companies and organisations did the same; this’ll hopefully drill in the importance of keeping data safe and secure.