How Much Could a Security Compromise Cost Your Company?

May 3, 2018 Eric Dosal Eric Dosal

Cybersecurity breaches are a constant threat for businesses of all sizes and industries. From those who would try to steal a company’s IP to close a competition gap, to cybercriminals looking for a quick score, to hacktivist groups attempting to make a point, there’s no shortage of threats out there.

The one question that seems to be on every business owner’s mind—the one that so many ask our company’s experts so frequently—is: “How much can a security compromise cost my company?”

The answer depends on a few things, including:

  • How prepared you are to deal with a security breach;
  • The extent of the breach and how long it takes to detect/fix; and
  • What kind of breach you experience.

The Average Cost of a Security Compromise

According to data from a 2017 Ponemon study on the subject, the average cost of a data breach is around $3.62 million. For some companies, this might be a drop in the proverbial bucket, but for many others, this could make or break the business. However, that’s just the average cost, the cost of a breach might go significantly higher or lower for your own business.

For example, consider the average cost of each lost or compromised record—which is $141 according to the Ponemon study. The more records that are breached, the more work you’ll have to do to contact everyone who is affected, the greater protective measures (such as fraud prevention services/credit monitoring) you’ll need to implement, and the more data you’ll have to track. So, bigger breaches will inevitably lead to higher costs.

What about the Hidden Costs of a Security Breach?

Of course, the cost of a data breach can go far beyond the money spent on stopping the breach and returning things to normal. There are other, unseen costs that can arise from a data breach. A security compromise can affect a business’ ability to attract and retain customers.

A large security breach can affect your customers’ confidence in your business. After a breach, consumers may be shy about trusting your business with sensitive information like payment card information (PCI) or other personally-identifiable information (PII).

For example, after a major breach back in 2013, retail giant Target noticed a major drop in profits from the previous year. As reported by the New York Times, net earnings were “down 46 percent from the same period a year earlier.” While not a “direct” cost of the breach, the loss of profits was devastating during the normally high-performing holiday season.

The problem is that hidden costs, like lost sales, are nearly impossible to accurately track—how much is because of a loss of customer confidence? And, how much is the result of other, unrelated factors like routine swings in demand for services?

However, while the full impact may be difficult to accurately measure, there is a definite impact. According to data cited by Inc.com, “As much as 60 percent of hacked small and medium-sized businesses go out of business within six months.” This is the real risk—the real cost—of a major security breach.

Avoiding the Worst Costs

There’s a hard truth that many cybersecurity professionals don’t want to admit: there is no stopping 100% of all attacks. Eventually, an attacker will be skilled enough, persistent enough, or lucky enough to find some kind of weakness they can exploit.

While shoring up your cybersecurity measures with firewalls, antivirus, intrusion detection/prevention systems, regular patch schedules, employee cybersecurity awareness training, and the latest technology solutions can do a lot to keep your business from falling victim to the majority of attacks, you need to be prepared for what can happen if all of those defenses get breached.

Some steps you can take to minimize costs include:

  • Using a Data Backup and Recovery Solution. Having a remote backup of your company’s most important data can be crucial for a smooth recovery if an attacker manages to corrupt your local files with a ransomware program or similar attack that renders your data unusable. Having a remote backup can mean the difference between being up and running again in hours without having to pay a ransom, and never getting back your lost data.
  • Creating an Incident Response Plan. While you might not be able to account for every last possible scenario, it’s important to create a plan of action for the employees in your business to follow should a data breach occur. This incident response plan (IRP) should define roles and responsibilities for everyone to follow in case of a security compromise event. And, to make sure everyone is ready to carry out the IRP, they should be drilled on it once in a while as well.
  • Auditing All of Your IT Assets on the Network. The first step in recovering from an incident is knowing what all of the affected assets are. An audit of your security policies and assets lets you know what’s on your network that needs protecting and what your weaknesses are. This can help you to optimize your IRP by letting you make changes to your assets that minimize your exposure to risk and simplify the recovery process.

Having a plan and a few tools in place to speed up your recovery process following an attack can make a world of difference in how much a data breach costs you. Generally speaking, the faster you can put things back to normal, the better.

Protecting your business from cybersecurity compromise should always be a top priority—especially considering just how many malicious actors there are and how many attacks occur each and every day.

If you need help creating an incident response plan for your business—or in finding the right tools and technologies to help your business minimize its cybersecurity risks—please contact us today! Compuquip Cybersecurity is here to help.

back-to-cybersecurity-basics