The full cost of a data breach can be enormous. Here’s what’s at stake when it comes to hacking.
IT service and security companies always warn their clients about just how bad a data breach could be. However, you need to know more than generalities. It’s time for some specifics about the total potential consequences. Remember, 60% of small businesses that suffer a data attack are out of business within six months. If that sounds high, just take a look at the costs involved.
Many industries have security regulations to protect customer data, and they come with hefty fines if a company fails to uphold its end of the security requirements. For example, “willful neglect” with HIPAA data can lead to a $1.5 million fine for just one violation (fines of $4.8 million have occurred). That’s not something a small business in the healthcare industry can typically survive. What this means is that you must double- and triple-check how your patient data is handled. Other national and international regulatory bodies may also impose fines if a data breach was caused by improper security.
A secondary but also significant part of this cost is notification. For sensitive information like healthcare records, a company must notify all its customers immediately that data was stolen, and e-mail isn’t always an option. Postage adds up very quickly when you’re required to send out hundreds or thousands of first-class letters!
Businesses shouldn’t pay ransom to cybercriminals. However, that isn’t always what happens. Many companies try paying ransom when malware threatens to destroy all their data if a payment isn’t made. This typically works out to be a few hundred dollars per infected computer. It’s not the biggest expense, but it’s one of the most annoying, and there’s no guarantee it will work.
A hacking attempt can leave a business unable to use its software or devices. This means its revenue stream dries up. Approximately 29% of businesses that experience a data breach lose revenue, and 38% of those companies lose more than 20% of their revenue. Large data breaches may also involve non-revenue activities to notify customers, like establishing call centers and developing FAQ-based web pages.
Employee Productivity Issues
Even if you manage to keep operations going, that doesn’t mean productivity is going to be maintained. Employees tend to get really stressed when a data breach affects their work. Combine this stress with the extra job requirements they now face, and it’s no wonder employees don’t get much work done. Studies have shown that cases of identity theft eat up around 175 employee work hours, and that’s assuming everything else functions normally.
Who hacked the company? What vulnerabilities did they exploit? Exactly what data was stolen, and where is it showing up? Answers to these questions don’t just drop out of mid-air. A company needs to set up an investigation, which typically involves hiring outside services or putting together an internal team. All this takes time and money.
Customers Abandoning Your Business
Talk about bad PR: would you trust your confidential information to a company that recently had data stolen? A significant number of customers end up leaving or canceling services. Around 22% of businesses lose customers after an attack, and 40% of those lose more than 20% of their customer base. Those customers flee to nearby competitors, which means more resources for them and less market share for your company.
New Customer Loss
It’s no surprise that new customers are hard to find after a publicized data attack: 23% of businesses lose new opportunities after a data attack, and 42% lose more than 20% of potential new business. This can last months into the future depending upon how visible the attack was.
Covering Victims’ Costs
In the case of identity theft, your company will probably be required to pay for credit monitoring and other services for the victims. This is usually around $100 per victim, per year, with requirements running one to two years into the future.
Insurance companies don’t like it when their clients experience data theft, especially if they’re covering disaster-recovery costs or intangible business loss. This means insurance costs go way up, and it could be more difficult to find insurance in the future.
Data backup and recovery costs can vary greatly depending upon the system used. However, the real recovery costs of a data breach lie primarily in upgrades, or what is sometimes referred to as “remediation” (a word synonymous with costing a lot of money).
Software and hardware may need to be upgraded and patched to seal the vulnerability that caused the breach. This involves paying for new services, apps, and computers. However, it can get more complicated: if you’re using a piece of software that’s proven to be outdated for modern security measures, you may need to roll out new solutions and rework your entire data strategy. Over time, these costs can become a real headache.
If it’s proven that data was mishandled, you also must consider the possibility of a lawsuit. It’s not a guarantee, and there’s no certainty that a lawsuit will lead to damages or a settlement. However, people are very sensitive when it comes to their personal data. Don’t discount the possibility of requiring court representation, which adds yet another layer of long-term costs to the disaster.