A recent Forbes magazine article, “What is the Cost of a data Breach,” has reported on how much money a breach can cost your organization. The question is, can you afford a data breach? Or rather, can you afford not to secure your records?
Using data from the Ponemon Institute, the U.S. has endured the most expensive data breaches on record. The average total cost per breach has increased from $3.54 million in 2006 to $8.19 million in 2019. This is Just the tip of the iceberg. The International Association of Computer Investigative Specialist (IACIS), has also conducted research identifying three different types of cost as a result of a breach: direct costs, indirect cost and hidden costs.
The direct costs are identified as immediate monetary impact. These include decreased sale revenue and a drop in share price. The costs for legal professionals as well as security professionals to investigate the breach are included, as are the set up of post-breach response activities such as call centre support and any payouts made to affected clients.
Indirect costs are associated with the loss of consumer trust which comes about as the result of a data breach. It also includes loss of income from investors being less likely to buy your stock or selling any shares they may have.
The hidden costs are even harder to quantify. These costs can include the costs incurred from lost business hours as employees divert efforts to resolve the breach. The impact to future technology investments will likely increase substantially to counteract the impact of the breach, which could impact future investment in innovation and growth of the business.
If these costs seem staggering, then it makes sense to plan a security strategy around reducing the risk and impact of a breach. The Ponemon institute says having an incident response plan and incident response team ready to go in the event of a breach can save up to $360,000 per breach. In addition, implementing a tried and tested business continuity plan (BCP) is another necessity for organizations that heavily rely on information systems. The plan includes every step that must be followed if a disaster such as a total system outage or ransomware breakout strikes your business. Thankfully, Uzado’s Breach Readiness as a Service (BRaaS) puts the business continuity plan and incident plan together to help lessen the impact, and your financial risk. 