One of the most high-profile data breaches in 2015 involved Kmart when cybercriminals were able to access some details of the retailer’s online customers including names, email addresses, billing addresses, telephone numbers and product purchase information. While no credit card data was stolen, the breach will end up costing Kmart millions of dollars. Some smaller businesses may believe that they can sweep a data breach under the rug but the mandated data breach notification recently introduced in Australia means this is no longer an option.
It’s not just the salacious headlines featuring words like stolen data, hack and privacy breach that will haunt the organisation in the near future. Any company that suffers a data breach will be forced to divert time and resources to correct the problem. According to the 2016 Cost of Data Breach Study sponsored by IBM and conducted by the Ponemon Institute, the average total cost of a data breach in Australia was $2.64 million or $142 per file.
Many business owners don’t quite understand the true ramifications a data breach can have on their organisation. In fact, you might even be sceptical when it comes to just how much losing or having documents stolen will cost. This is understandable, so in order to get a better idea of the true cost of data breach let’s take a look at some of the factors you will need to consider.
Factors Influencing Data Breach Costs
Computer forensics – If a hacker was able to access your company’s data, you will need to figure out where they got it and how it happened so you can stop it from occurring again. This means you will need to call in a computer forensics expert, and their fees are by no means cheap. The methods used by cybercriminals to extract data have continued to improve, meaning it can take weeks or even months to pinpoint the leak and determine the full extent of the attack.
Notifying customers – Once the forensics investigation is concluded, the investigators will be able to provide you with details on just what information was stolen and which customers were affected. You will then need to begin the process of notifying all parties that have been affected. You can expect an influx of inquiries from those affected, as well as from other customers wanting to know if they need to be concerned, and you might have to bring on additional staff or hire an outsourced call centre to handle this. Depending on the visibility of your business, utilising the services of a public relations firm might also be necessary to spread awareness about the breach.
Refunds/discounts – People will be angry with your company should a data breach occur and you must find a way to placate them. Companies in the professional services industry might have clients demanding a refund and a termination of any agreements, which might require your organisation to reduce monthly fees to keep them happy. Businesses offering goods might consider providing future discounts to encourage customers to return or re-establish trust.
Technology upgrades – Whatever the cause of the data breach, chances are you will need to improve your current IT systems to ensure it doesn’t happen again. And remember, you aren’t simply going to pay for the new software/hardware but you will also have to cover the expense of training your staff to use it.
Fines – Not only will your business take a public hit should it suffer a data breach, but the government does not look very favourably upon this either. While each industry is different, you might face a stiff fine with organisations in the healthcare and financial services industries having to cope with the largest punishments.
Credit card considerations – Your responsibilities dramatically increase if credit card data is stolen. In many cases you will have to pay for each customer affected to receive a new card. In addition to this, you might also need to provide free credit monitoring subscriptions for those individuals who had their credit card data stolen.
Business reputation – Companies that suffer a data breach almost always take a significant hit to their reputation and see a decline in new customer acquisition in the short term. While things can return to normal over the course of the medium and long term, your organisation will need to brace itself for a potentially significant decrease in business right after a data breach.
How much does all this cost?
IBM now has a Data Breach Risk Calculator which you can use to help you determine how much this event could cost your company. By using this calculator, we were able to see just how much a data breach would cost an industrial company with less than 500 employees. Our example company does not have an existing data protection program in place nor does it handle consumer credit card information.
This fictitious company has never suffered a data breach in the past and only has operations in Australia. In our potential event we are going to say the company lost somewhere between 1,000 and 5,000 files. So just how much will this data breach cost?
According to the Data Breach Risk Calculator, our example company will end up paying $441,000 for this event or $147 per file. While this is significantly less than the cost of the average data breach in Australia, it is still an extraordinary expense that most businesses will struggle to cope with. It’s also impossible to know how exactly your current and future clients will react, which is why the figures are simply an estimate. Each data breach is unique and it’s not unimaginable that your organisation will have to deal with greater expenses.
Prepare Today – Avoid Paying Tomorrow
While some business owners are turning to Cyber Insurance to alleviate the costs of a data breach, having the correct protections and planning in place is still the best way to go. The 2016 Cost of Data Breach Study noted that one of the most effective ways to prevent a data breach was to expand the use of encryption to all files that contain customer or employee information.
Providing your employees with the correct training and awareness is another wise investment to avoid possible data breaches. After all, it is the actions of your staff that will most likely lead to strong security, or lack thereof, at your organisation.
Should a data breach occur, having the proper disaster recovery and business continuity plans in place will ensure your company is better able to deal with the aftermath. Of course, these can also help with numerous other events and should be incorporated into best business practices.
While there is no way to bulletproof your business from a data breach, having the right protection and planning in place can make all the difference in the world. If you want to know more about how a data breach can affect your business, contact Empower IT today.