The issue of data breaches continues to grow. Data breaches impact companies of all types and in every industry, posing threats that corporate executives and business owners are only now truly beginning to understand. A recent study provided a better sense of exactly what the monetary impact of data breaches are globally, and the numbers are truly eye-opening: According to report compiled by the Ponemon Institute and sponsored by IBM Security, the average cost a company bears following a data breach has climbed to $4 million. This represents an increase of 29% over the last few years.
Combine this with the fact that there has been a rise of 64% in the number of incidents between 2014 and 2015 and there is very good reason for concern.
The costs climb for data breaches
Keeping up with the cybercriminals is increasingly difficult and increasingly important. While their methodology and approach grows more and more sophisticated, the damage that is done with compromised records has become even more far-reaching, with each one representing $158 in costs to the breached company. The study finds that of all the steps organizations that want to protect themselves and minimize the impact of a breach can take, the single most important is to create an incident response team that looks for and responds to issues. The impact of putting one of these teams in place translates into reducing the per record cost by $16. Though this may seem like a small adjustment, based on the average number of records impacted per breach it adds up to almost $400,000 in cost savings to an individual company.
Perhaps most worrying of all is the fact that when companies are assessing costs, they often do not take into consideration the intangibles.
An analysis of how the actual costs break down shows that more than half of the expense consists of forensics looking into what happened, communications, paying legal expenses, and complying with regulatory mandates. It also showed that the less prepared a company is and the longer it takes for them to realize that a breach has occurred, the higher these expenses are likely to be: when a company detects cybercrime within 100 days the average costs drop by roughly one million as compared to those that are discovered after the 100-day mark. Unfortunately, it takes most companies more than 200 days, and roughly ten weeks to fully get the issue under control.
Companies often focus on how much they spend on legal fees, what it costs them to notify clients, and the fines that they are required to pay, and pay little heed to what the disruption of their business process cost them, or what competitive advantage they may have lost as a result of data being dispersed. The loss of competitive advantage and the cost of notoriety for poor security can be devastating. Deloitte Advisory recently released a report titled Beneath the surface of a cyberattack: A deeper look at business impacts that estimated that the costs that organizations focus on represent less than 5% of the actual monetary impact that a cyberattack has, and that the impact lasts longer than most realize.
According to Hector Calzada, a managing director with Deloitte Advisory, “The ability to quantify intangible damages is especially important in anticipating business impact In many cases, an approach based on tallying actual recovery costs that hit the balance sheet would paint a significantly distorted picture of the cost to business performance.” His words are echoed by firm principal Don Fancher, who points out that most executives are unaware of the depth of impact that cyber espionage and data destruction can have. “Our intent is not to scare executives into thinking that all cyber incidents will be more costly than they think,” he says, “It’s to give them a better understanding of their specific risks so they can make more educated decisions that are aligned with their business strategies.”
One way that you can address your company’s data breach risk is by ensuring that you have a robust and comprehensive data destruction strategy in place. E-Waste Security is a data destruction and computer recycling company based in Los Angeles, California that can assist you with on-site data destruction and hard drive shredding services. Contact us today to learn more.