When a company experiences a data breach, it can result in huge losses. Sometimes, these losses can ultimately ruin a business, if the costs to repair the breach are too high. Data breaches are becoming more and more commonplace now, and chief information security officers need to be aware of what a data breach can do to the companies they work for. This is not a light issue whatsoever.
When a data breach occurs, there are two types of costs to account for. First are direct costs, which involve things like hiring a law firm, engaging forensic experts, and paying for each victim’s identity protection services. Then there are indirect costs, which include time lost, effort spent, organizational resources used, loss of goodwill, and customer churn. Even when the reparations are paid, companies need to do their best to keep their customers’ trust. If they fail in this, the business can go down quickly.
These data breach costs have gone up by a third since 2013.
The cost of business losses in the U.S. due to data breaches averaged $3.97 million, as reported by this year’s Cost of Data Breach Study by Ponemon Institute. That cost includes the direct and indirect costs mentioned above, like abnormal turnover of customers, increased customer acquisition activities, reputation loss, etc. That last one, reputation, can actually be the most expensive, as a data breach could mean a lot of negative publicity for a company.
While those costs are extremely high, they’re definitely not the highest the world has seen.
France had the highest rate of customer churn, followed by Japan, Italy, the US, and the UK. Additionally, the Arabian Region had the highest direct costs at 57%, and the U.S. had the highest indirect costs, at 66%.
To give CIOs an idea of what these percentages mean, companies that experienced less than 1% loss of existing customers had an average data breach cost of $2.7 million. Those that lost more than 4% of existing customers had an average data breach cost of about $5.5 million. Companies that experienced the highest customer churn on average were financial, health and service organizations. Companies that had the lowest churn were public sector and education organizations.
In this research, it was found that the average total cost of a breach for the nearly 400 companies involved in the study increased from $3.79 million to $4 million. Nearly half of the incidents involved a malicious or criminal attack, while a quarter were caused by negligent employees inside the company. Lastly, 27% of the breaches reported involved system glitches.
When you look at all those numbers, it’s hard to dissect everything. Even after the cause of the data breach has been discovered and direct costs have been allocated, the most important thing for a company to do is to get the customers’ trust back. That’s not an easy or cheap task.
However, CIOs can do their best to step up their cybersecurity game and try at all costs to prevent a breach, or at least a serious one, from happening. Cybersecurity costs are likely to increase 38% over the next ten years, according to a RAND Corporation study. Worldwide, company spending on cybersecurity has passed the $70 billion threshold, and that number keeps growing by 10-15%. However, even the best CIO security approaches still cannot guarantee a stop to hackers, who will eventually have the upper hand. Therefore, innovation in cybersecurity needs to continue.
Cyber attacks can have major effects on a company. It’s imperative that CIOs do the best they can to stop a data breach before it happens. While it might cost a significant amount of money to increase a company’s cybersecurity, those costs are nowhere close to those that would need to be spent if a data breach were to occur.
Hopefully this information encourages CIOs to work closely with their companies to create the best cybersecurity plan.
After all, it’s better to be safe than sorry.