Data Breaches Costs and Impacts
Business - January 29, 2019
Every year, thousands of high-profile attacks are launched against enterprises of all
sizes in the United States. Counting those driven by automated malware, there are
millions of attempted network breaches each and every year.
Over the last decade, the frequency, size, quantity, and acceleration of attacks have
continued to grow far beyond what was imaginable only a short time ago. Hackers now
have countless targets to choose from: credit card data, corporate credentials, and
Social Security information, among others.
Each enterprise has its own collection of sensitive data and assets that may come
under attack at any time. While there is no way to precisely calculate the losses a
given organization may suffer, there are three broad categories:
• Direct Costs
• Revenue Loss
• Business Disruption
Direct Costs of a Data Breach
It takes an average of more than 200 days for organizations to uncover a data breach
once the earliest evidence is noticed. Outside actors notify organizations of a
breach more than two-thirds of the time. It may cost millions to completely extract
hackers – who may have had full data access for years – isolate affected systems,
and protect sensitive information.
Consumers now expect most organizations that suffer a breach will offer credit
monitoring to their affected users. Retail rates for these services range anywhere
from $10 to $30 monthly for every customer. You may be paying such rates for years
Class action lawsuits follow virtually every noteworthy data breach. These not only
result in tens of millions in costs, but ensure additional overhead and complexity
over multiple years. Legal fees, settlement amounts, and federal entanglements all
prolong the pain.
From retail to healthcare, many organizations have complex compliance requirements.
Even if you had achieved 100% compliance, you are typically required to pay fines
after a breach. These can range anywhere from $50 to $90 per affected individual for
companies responsible for financial data.
In-house costs of data security expertise are notoriously high. Tools, solutions, and
service providers can all be extraordinarily expensive. Compensating and retaining
top security talent is particularly onerous and requires long-term commitment.
Insurance premiums skyrocket in the aftermath of many security incidents – if you
even manage to retain your coverage. Premiums can rise across the board when
insurers reassess the threat landscape. Only countervailing security investments can
offset the increased risks.
Revenue Loss in a Data Breach
Brand Reputation Damage
No matter your industry, loss of consumer confidence makes a significant difference
for years to come. A sharp drop in both revenue and customers can be expected in the
wake of a publicized breach. Sometimes, the damage may linger for years and cast
company culture in a poor light.
Loss of Investment Opportunities
Financial analysts take long-term reputation damage and negative publicity into
account when making recommendations to investors. This can cause opportunities for
capital investment to evaporate and may completely destroy early stage enterprises
reliant on investment for growth.
Payment Card Suspension
Payment card processors have every right to withdraw their services from enterprises
that have experienced a major lapse in security protocol. While this remains rare,
it would be a death blow to many brands whose customers could not be expected to
shoulder payment inconvenience.
Business Disruption After a Data Breach
Stock Price Declines
Historically, stock prices have rebounded in time even when breaches are perceived by
the public as particularly egregious. However, with lower stock price comes an
opportunity cost that cannot be recouped. A loss of $10 or more per share is not
unknown and may be sustained for months.
CEOs and CIOs are at greatest risk when a data breach takes place. Boards and
investors want to see someone accept blame, even in cases where little more could be
done. Not only do some executives “fall on the sword,” but the org chart may expand
to add more strategic IT roles.
A major breach tends to sideline the company strategy for a long time to come.
Expected hiring and investments are put on hold. New products and services may be
slowed. A company’s whole outlook could be impacted long-term in the most insidious
Lessons Learned from Data Breach Victims
• A managed security services vendor is in the best position to help you
evaluate the possible costs of a breach in your situation. Factors involved are
complex, and internal analyses often don’t capture the full picture. You should
multiply any existing estimates 2x to 3x.
• Proactive security management – avoiding the breach in the first place – is
the best way to curb IT security costs. More enterprises are looking to managed
security services for this reason: You can benefit from new capabilities almost
immediately at a fraction of the in-house cost.
• It’s far too easy to overlook the importance of IT security commitments
because security does not generate ROI in the traditional sense: It is an
insurance policy against an inevitable, but unpredictable future. As a result,
most U.S. firms are not investing sufficiently in security.
• Compliance requirements should be seen as a start, not the “end all, be all”
of security. You can dramatically reduce your long-term exposure to data
security risk when you implement a full risk assessment, preferably in
cooperation with an American managed security services brand.
A complete risk assessment should include:
• Identification of gaps in personnel, policies, security procedures, and
• Identification of solutions that can mitigate the exposed gaps in priority
• Clarification and implementation of the needed investments – in time and
• Third-party managed security services teams can rapidly deploy and manage new
solutions, mitigating risk fast. They ensure ongoing regulatory compliance and
dramatically reduce the likelihood of a disruptive attack by hackers.
After a breach, some in the public blame the hackers, while others point the finger
at the firms victimized. The difference? The perception that you’ve taken every step
possible to protect customers’ sensitive data.