The True Costs of a Cyber Breach

Digital technology has transformed the business world, allowing companies of all sizes to take advantage of greater speed and efficiency. Advanced data gathering tools make it possible to compile detailed information on consumer preferences and production capabilities, so leaders can deploy resources in a strategic, cost-effective way.

However, the new technology comes with a downside. As businesses increase reliance on electronic communication and data storage, more and more sensitive information travels through cyberspace. This is a tempting opportunity for hackers and data thieves, who use lax security to gain access to valuable information.

From stolen customer financial information to exposure of trade secrets, businesses face tremendous risk when it comes to cyber attacks. Related expenses extend far beyond the obvious tangible costs of recovering from a breach. Unfortunately, many small and medium-sized companies fail to make the necessary investment in information technology services required to protect sensitive information, which means they are easy targets for data thieves.

Some small and medium-sized businesses have learned from the well-publicized cyber breaches of Target and Sony Pictures, realizing that information security is a must-have. Others have decided that the risk is too low to justify investment in IT security measures. This is a dangerous fallacy. Cyber attacks against small businesses are on the rise, making up 43 percent of breaches in 2015.

Direct Costs of Recovering from a Cyber Breach

After interviewing business IT support experts at 383 global companies, the annual IBM-sponsored Cost of a Data Breach Study determined that the average financial impact of a serious cyber attack is approximately $4 million per incident. This breaks down to approximately $158 for each stolen record, examples of which include health information, credit card details and social security numbers.

These figures are calculated by considering both the direct and indirect costs of the breach. Direct costs include basic recovery expenses, such as hiring forensics teams and incident response specialists, along with the legal and regulatory fees that frequently result from these cases. In addition, companies that are responsible for the improper release of information must foot the bill for free credit monitoring subscriptions for impacted individuals. There is an immediate drop in productivity if the breach causes any downtime. Unfilled orders and lost sales lead to brand damage, which extends beyond the cost of lost work time.

Once the initial issue has been resolved, there are a wide variety of financial repercussions related to cyber attacks. One of the most costly is the loss of business due to poor publicity. Consumers tend to shy away from companies involved in cyber breaches, and decreased revenue can plague affected businesses long after the initial incident. Without a comprehensive marketing strategy to repair the damage, some companies never recover, and the cyber breach eventually leads to business closure.

IT Investment Mitigates Risk

While it is impossible to predict and prevent every cyber attack, making an appropriate investment in network security services can dramatically reduce risk. Further, when a breach does occur, appropriate investment in IT resources leads to faster identification of incidents and lower per-incident cost.
The average cyber breach isn't usually discovered for six months, which means hackers gain access to a larger number of records. Research shows that companies who locate and secure breaches within a month save approximately $1 million. A well-trained incident response team can bring business operations back on track faster, saving up to $16 per stolen record, and use of encryption saves companies another $13 per record. Steps like these require a small upfront investment to save far more in the long term.