The Cost of Data Breaches and the Need for Data Security

When you think of a data breach, you may think of some of the high profile cases over the past few years:Target, Experian/T-Mobile, Office of Personnel Management, and JP Morgan Chase.
In just those companies alone, 193 million records were compromised.

You may have been one of them.

It shouldn’t surprise you that 47% of data breaches are caused by criminal intent, based on a 2015 study conducted by Ponemon Institute. Besides hackers, other cyber security breaches are due to system glitches and human error.

No matter how they occur, data breaches are expensive. For small businesses, the cost could be devastating.

What is a data breach? “A breach is defined as an event in which an individual’s name plus a medical record and/or a financial record or debit card is potentially put at risk—either in electronic or paper format…The costs of a data breach can vary according to the cause and the safeguards in place at the time of the data breach.”

– Ponemon Institute

How Many Customer and Vendor Records Do You Have?

When looking at data breaches of 100,000 records or fewer, the United States tops the list. The average cost per record for a data breach is $217, up 15% since 2013. The costs vary between industries, with healthcare being the most expensive.

Included in the costs are:

• Investigation
• Remediation, such as hiring experts to pinpoint the source of the breach, lessen damage, and implement preventative measures
• Offering credit-monitoring services to affected customers
• Compliance with notification requirements
• Regulatory fines & filings
• Disruptions in normal business operations
• Lost business
• Legal fees

These costs do not include under-reporting. Some businesses may not report incidents as data breaches, even when reporting is necessary. If the breach later becomes public, the costs associated with fines and penalties, as well as business reputation, will rise.

Most of the under-reported incidents are not the result of a business intentionally hiding them. Rather, many businesses do not have a process in place to handle all risks, whether small or large.

There are also the intangibles that go beyond business reputation. These may include company secrets, contracts, and sales contacts. Even personal emails as was the case with Sony in 2014.

More from the eSOZO Blog:
9 Scary Reasons Your Business Needs a 24/7 Cyber Security Service

How to Protect Yourself

Follow these safeguards to protect your company against data breaches:

• Robust cybersecurity
• Constant system monitoring
• Encryption for email (and as needed for storage of particularly sensitive data)
• Adequate physical security
• Appropriate company policies about security and access control
• Employee training on policies
• Periodic review and update to policy and security safeguards
• Appropriate infrastructure and network design
• A strong Business Continuity and Disaster Recovery (BCDR) plan or data breach response plan

Additional Sources: Compliance and Ethics, HIPAA For MSPS

Author: Aaron White, Date: 6th June 2016