A Data Breach Can Cost a Lot More Than You Think
When it comes to the real-world cost of a data breach, perhaps Mark Twain sums up the math best with his famous quote, "Lies, damned lies, and statistics." While that may be a little harsh, the numbers do indeed lie. Take, for example, the report from First Data Market Insight, which claims that in 2017, the average cost of a data breach for small merchants was $36k. Compare that to the Ponemon Institute's 2017 report, which claims that the average total cost of a data breach is $3.62 million, and you can see how the numbers may lie.
Truth be told, the two calculations were based upon different criteria and source data, which explains such a wide variation in cost. That aside, one thing is certain: data breaches can prove to be quite expensive and could cripple a business. The question remains, though: how can one figure out the true cost of a data breach, and why is that information so important?
Traditionally, calculating the costs of a data breach centered on some basic assumptions and measurements. For example, costs were calculated based upon downtime, time to remediate, forensic practices, and so forth. All of these proved to be tangible elements that could be formulated into something resembling a real-world cost that most any forensic analyst would tend to agree with. Even so, with the wide range of estimates possible, it can still be a daunting challenge to attempt to calculate the total price tag of a widespread data breach.
It is, however, possible to review the data and establish some benchmarks, as has been done in the 2016 Data Breach Study by the Ponemon Institute and IBM. The data indicates that the average cost per compromised record hovers around $221, a number that has some serious implications when thousands of records are compromised.
Delving further into the statistics, direct and indirect costs can be further broken out. The measure of $221 per compromised record breaks down to $76 per record representing the direct cost, which includes items such as legal fees and technological investments. However, that cost per record pales in comparison to the indirect cost of $145, which includes costs such as damage to an organization’s reputation and increased customer churn rate.
Regardless of the math, it all adds up to something very expensive, so expensive, in fact, that smaller organizations may fail due to a data breach.
Avoiding Data Breaches at All Costs:
While that potential cost of $221 per compromised record may strike fear into any infosec professional’s heart, the simple fact of the matter is that the number can be used for good. C-level executives know that cybersecurity is an expensive obligation; however, many look to cut corners and take a gamble on funding technologies that may only cover minimal security needs. When the cost of breaches is put into dollars-and-cents terms, it is easier to justify the expense of security technologies. IT pros can present management with solutions that may seem expensive initially but become increasingly affordable when one considers what is at stake.
Think of it this way: if your organization is responsible for 10,000 customer records, and that information is stolen, the potential cost to the organization may very well be north of $2 million. Spending a few thousand dollars on multi-factor authentication seems quite economical, doesn’t it?
(Frank Ohlhorst is an award-winning technology journalist and IT industry analyst, with extensive experience as a business consultant, editor, author, and blogger. Frank works with both technology startups and established technology ventures, helping them to build channel programs, launch products, validate product quality, create marketing materials, and author case studies, eBooks and white papers.)