Understanding the True Cost of a Security Breach
When housing insurance first became available, people were not convinced it was a good idea. The concept of paying upfront for insurance to cover an event that might occur seemed illogical. Without a need for the insurance, people weren’t buying in.
Then a person saw their neighbor’s house catch on fire and the need for housing insurance became apparent. “It could happen to me,” suddenly became a reality.
No One Is Exempt from an Attack
Until the impact of a major disaster is felt firsthand–whether experienced personally or by witnessing how it impacted a close friend or family member–it can be easy to believe you are exempt.
The truth is, no one is exempt–especially when it comes to the security of your organization.
We are all used to reading the headlines:
“Yahoo data breach affects at least half a billion users.” (Source)
“Marriott Hacking Exposes Data of Up to 500 Million Guests” (Source)
“Equifax says Website Vulnerability Exposed 143 Million US Consumers” (Source)
The headlines often highlight large, well-known organizations. But security breaches affect organizations of all sizes. In fact, small businesses are often an ideal target.
- 43 percent of cyber attacks target small businesses.
- 60 percent of small companies go out of business within six months of a cyber attack.
- 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
While IT departments often promote increasing security efforts, often, it is not until a breach occurs that a business becomes willing to invest resources into security. But organizations need protection–a security insurance policy–before disaster strikes.
Hidden Costs of a Security Breach
Most organizations are aware of the financial impact a security breach can have on their organization. What they fail to realize is the true cost of a security breach.
Following a breach, organizations are impacted by both direct and indirect costs.
Direct costs include any expense incurred as a result of activities performed post-breach, such as the need for legal aid.
Direct costs may include:
- Increased investment in an organizational security program
- Federal and State regulatory penalties
- Legal aid
- Identity protection services for victims
- Need to hire professionals to investigate the breach
Indirect costs include any expense incurred that was a direct result of the breach such as lost business. Indirect costs are easy to overlook until a breach impacts your business. The impact of indirect costs should not be underestimated, as it is the indirect costs that often are the ones that make it difficult for businesses to recover from an attack.
In a study conducted by the Ponemon Institute, it was determined that companies are spending almost twice as much on indirect costs than direct costs.
Indirect costs may include:
- Employees’ time spent on recovery (downtime, time to restore, time to recover, time spent notifying customers)
- Lost business in the form of customer turnover
- Negative impact on reputation
- Litigation by impacted customers
- Damage to company databases
- Increase in the cost of obtaining new customers (due to failed trust)
Protect Your Business
No business is exempt from attack. Security breaches impact organizations both large and small.
Think of your security program as a security insurance policy. The more proactive you are, the less likely it is that your organization will undergo an attack and be forced to learn the true cost of a security breach.
Unsure where to begin? Start with an IT Security and Risk Assessment. Our team can help you develop a cyber security solution that minimizes security breaches and helps you respond to and contain threats as they emerge.
Cody Maus is a Senior Security Analyst at enVista and has experience designing, supporting, and assessing security solutions for small businesses to Fortune 500 companies. At enVista, Cody oversees enVista’s Managed Security Operations and is focused on designing and implementing security solutions for our clients. He utilizes his experience in the security industry to design solutions that fit a customer’s needs.