Understanding the True Cost of a Security Breach

When housing insurance first became available, people were not convinced it was a good idea. The concept of paying upfront for insurance to cover an event that might occur seemed illogical. Without a need for the insurance, people weren’t buying in.

Then a person saw their neighbor’s house catch on fire and the need for housing insurance became apparent. “It could happen to me,” suddenly became a reality.

No One Is Exempt from an Attack

Until the impact of a major disaster is felt firsthand–whether experienced personally or by witnessing how it impacted a close friend or family member–it can be easy to believe you are exempt.

The truth is, no one is exempt–especially when it comes to the security of your organization.

We are all used to reading the headlines:

“Yahoo data breach affects at least half a billion users.” (Source)

“Marriott Hacking Exposes Data of Up to 500 Million Guests” (Source)

“Equifax says Website Vulnerability Exposed 143 Million US Consumers” (Source)

The headlines often highlight large, well-known organizations. But security breaches affect organizations of all sizes. In fact, small businesses are often an ideal target.

  • 43 percent of cyber attacks target small businesses.
  • 60 percent of small companies go out of business within six months of a cyber attack.
  • 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.

While IT departments often push for stronger security efforts, it is frequently not until a breach occurs that a business becomes willing to invest resources in security. But organizations need protection–a security insurance policy–before disaster strikes.

How much does a security breach cost?

Most organizations are aware of the financial impact a security breach can have on their organization. What they fail to realize is the true cost of a security breach.

Following a breach, organizations are impacted by both direct and indirect costs.

Direct Costs

Direct costs include any expense incurred as a result of activities performed post-breach, such as the need for legal aid.

Direct costs of a security breach may include:

  • Increased investment in an organizational security program
  • Federal and State regulatory penalties
  • Legal aid
  • Identity protection services for victims
  • Need to hire professionals to investigate the breach

Indirect Costs

Indirect costs of a security breach include any expense incurred that was a direct result of the breach, such as lost business. Indirect costs are easy to overlook until a breach impacts your business. Their impact should not be underestimated, as indirect costs are often what make it difficult for businesses to recover from an attack.

A study conducted by the Ponemon Institute determined that companies are spending almost twice as much on indirect costs as on direct costs.

Indirect costs may include:

  • Employees’ time spent on recovery (downtime, time to restore, time to recover, time spent notifying customers)
  • Lost business in the form of customer turnover
  • Negative impact on reputation
  • Litigation by impacted customers
  • Damage to company databases
  • Increase in the cost of obtaining new customers (due to failed trust)

What is the average cost of a data breach?

The average data breach cost can vary depending on the size and nature of the breach, as well as the industry and location of the affected organization. However, according to a 2022 study by IBM Security and the Ponemon Institute, the global average cost of a data breach was $4.35 million USD.

This cost includes expenses such as investigations, remediation, notification, legal fees, and lost business. The study also found that the cost per lost or stolen record was $150 USD on average.

It’s important to note that these costs are just an average, and the actual cost of a data breach can be much higher or lower depending on the circumstances. It’s essential for organizations to take proactive measures to prevent data breaches, as the costs of a breach can be significant, not to mention the potential reputation damage and a loss of customer trust.

Protect Your Business

No business is exempt from attack. Security breaches impact organizations both large and small.

Think of your security program as a security insurance policy. The more proactive you are, the less likely it is that your organization will undergo an attack and be forced to learn the true cost of a security breach.

Unsure where to begin? Start with an IT Security and Risk Assessment. Our team can help you develop a cyber security solution that minimizes security breaches and helps you respond to and contain threats as they emerge.
