How Much Does the Average Data Breach Cost a Business?
In the United States, the number of data breaches has reached an all-time high, involving over a billion records. When a data breach occurs, the typical reaction is to determine the short-term impact. In fact, many companies focus on quantifying the damage, preparing a response, and setting a budget for penalties, legal fees, consulting third-party vendors, and data breach security.
However, the right option is to ensure cyber security services are implemented to mitigate risk over the long term and help prevent class-action lawsuits, reputational damage, and associated sales losses.
Data breaches happen when an unauthorized actor obtains access to secure networks and data. In 2018, the United States experienced around 1,244 data breaches. These attacks have high costs that affect businesses directly and indirectly.
Overall, the Ponemon Institute’s Cost of a Data Breach Study found that the worldwide average cost of a data breach is $3.86 million. Further, the average cost per hacked record is $148.
The Ponemon Institute also studied “mega breaches,” those impacting up to 50 million records. Ponemon found the average cost of a mega breach was $40 million on the low end and around $350 million on the high end.
Nonetheless, every company is unique, and calculating the long-term average data breach cost must include multiple variables. Businesses that are still recovering from data breaches are continually uncovering various expenses such as lost business opportunities, loss of investors, loss of customers, employee churn, and more. Moreover, they’re still trying to comprehend the nature and overall impact of a data breach.
Calculating the cost of the average data breach
Concerning data breach security, organizations must figure out how to get it right all the time. Unfortunately, cyber criminals only have to succeed one time. Yet, hackers are only one component of the equation since there are many types of data breaches. Malicious attacks comprise over half of data breach incidents, while the other portion is due to either human error or system failures.
So, what are the factors that determine how much the average data breach costs a business? Some of the costs include notifications sent to affected individuals, regulatory penalties, legal fines, and technical investigations. Other hidden factors are both expensive and challenging to mitigate after a data breach.
Also, many companies publicly report lower costs than the actual costs because the hidden costs were not calculated in the tally.
Let’s take a more in-depth look at the potential aspects of a data breach cost to a business:
1. Detection and escalation
Detection and escalation costs include crisis management, investigative activities, audits, reporting, internal and external communications, and more.
2. Communication costs
Due to regulations, most companies must report to relevant authorities and the individuals affected by the data breach. Depending on the law, there are varying deadlines for notifications. For instance, a company may have to create a contact database, make phone calls to affected individuals, set up a system for data breach communications, and work with third-party experts. According to the Ponemon study, the United States had average notification costs of $740,000. But communication costs are on the rise due to the GDPR and the CCPA.
3. Post-breach response
There are also costs associated with the activities related to a company’s response, such as product discounts, regulatory fines, identity protection, credit report monitoring offered to affected customers, help desk tasks, and inbound communications. For the U.S., the Ponemon Institute found that average data breach response costs are around $1.76 million.
4. Business losses
The loss of business and investor funding is one of the most critical costs of a data breach. It can include the cost of losing customers, the cost of reputational damage, the cost of acquiring new customers, the cost of business disruption, and more. A business that lost 4% or more of its customers can expect a cost of $6 million.
Losing customers is the most considerable cost, and the United States has the highest cost relative to every other country. Perhaps the costs in the U.S. are higher because consumers have greater choice. Moreover, U.S. data breach regulations ensure that customers are made aware expediently. You should quantify these costs to get a comprehensive view of data breach costs. The only proactive measure for mitigating these losses and associated fees is implementing cyber security services.
Another unexpected cost is employee turnover. First, company executives may leave voluntarily or get fired after a large data breach. In addition, employees may leave as the business deals with the fallout. And it may be harder to attract and recruit new talent after a data breach.
How would you reduce data breach costs?
One of the quickest methods for reducing the cost of security breaches is to deploy data breach security immediately. Not only will this decrease the time it takes to detect and mitigate a breach, but it can also ensure regulatory compliance.
For example, the cost of a data breach rises the longer it takes a company to detect the breach. According to the Ponemon Institute, a breach detected in under three months cost an average of $3.11 million. On the other hand, a breach caught after three months rose in average cost to $4.21 million. Why do the costs go up? The longer a cyber criminal has to cause damage and breach more records, the more expensive it becomes to manage.
It also becomes more costly when it takes longer to stop a breach. If a company can contain a breach in under 30 days, it can save up to $1 million in associated costs. Yet, the average breach containment time is 69 days. As a result, many companies still have much work to do in investing in the right cyber security services.
Protect your data with SSI
At SSI, we offer several technologies that work in conjunction to provide robust data breach security and reduce associated costs. Our solutions can help to simplify compliance while preventing long-term damage from data breaches. Want to learn more about how SSI can help protect your data and decrease the costs of data breaches? Contact our expert team of cyber security professionals today.