This is the hot question these days, with various entities citing different studies and formulas. While there is no 100% accurate way to calculate the hypothetical cost of a data breach to your organization, we’d like to explore the contributing factors and options you have to safeguard yourself.
For example, a major retailer was breached in 2013, exposing 40 million payment cards and personal information on 70 million customers. The price tag on that breach is $252 million and counting. (Class Action Litigation, Feb. 26, 2015.)
Let’s break down these costs. The breached company must address:
- Auditing: Bring in a forensic auditor to determine how their systems were breached
- Remediation: Remediate the security breach with hardware, software, monitoring solutions and consulting
- Credit Monitoring: Provide credit monitoring for 6-12 months for every individual whose records were exposed
- Insurance Deductible: Pay the insurance deductible even if they are insured for breaches
- Litigation: Deal with class action suits from consumers, suits from issuing banks to recover losses and shareholder class action suits
While these costs are obviously extremely detrimental, the breach also inflicted immeasurable damage to the company’s customer loyalty and brand reputation. The Ponemon Institute estimated it takes $3.5 million to repair the damage from a breach. This figure is up 15% from last year, perhaps suggesting it is becoming increasingly difficult for an organization to recover from such a media disaster.
The recently published Data Breach Investigative Report for 2015 from Verizon forecasts that the average loss for a breach of 1,000 records is between $52,000 and $87,000. Compare that to a breach affecting 10 million records, where the average loss is forecast to be between $2.1 million and $5.2 million.
I urge organizations not to be complacent by harboring the “It won’t happen to me” mindset. Experts affirm companies have a 1 in 5 chance of falling victim to a data breach. Before this happens to your enterprise, adopt a defensive strategy and protect your data and processes from malicious attacks.