Data loss, whether caused by an external attack or an internal mishap, has long been considered problem cybersecurity teams, IT departments, and CIOs need to worry about. However, while technical implementation plans should be in the hands of experts, the risk of data loss itself is something that concerns all areas of a business. The reason for it is all in the numbers.
According to IBM and the Ponemon Institute’s Cost of a Data Breach report 2020, last year, the global average cost of a data breach was $3.86 million/breach. The United States registered the highest average total cost at $8.64 million/breach, followed by the Middle East at $6.52 million/breach.
The biggest contributing cost factor, accounting for a staggering 39.4% of the average total cost, was lost business. And that is, of course, where data loss becomes a business concern. Data breaches do not only mean security failures and potential regulatory fines but can affect a company’s bottom line. In the case of small and midsized companies, things can take an even grimmer turn. Many are forced to close up shop within 6 months of a data breach.
This worrying statistic has much to do with SMEs’ security unpreparedness and a lack of awareness on the part of their management of the cost of a data breach. According to cloud security firm AppRiver, nearly 70% of the 1,083 executives and cybersecurity decision-makers working in SMEs that it interviewed for a survey thought a successful cyberattack would cost them less than $25,000, with half expecting damages to amount to less than $10,000. However, cybersecurity company Kaspersky reported that the average cost of a breach for SMEs in 2020 was, in fact, $101,000.
The Impact of Data Loss on Businesses
The lost business referred to in the Ponemon Institute’s report includes several contributing factors. Among them is system downtime. When a system is compromised because of a breach, a company often needs to take it offline to curb any further data leaks, to assess the damage and remedy the situation. For a company relying on online orders for revenue, the longer a system is offline, the more money it stands to lose. Similarly, in case of an attack on company computers, as cybersecurity and IT teams work to mitigate an attack, employees’ work is often interrupted and they can lose entire days of work as a consequence.
If data loss happens internally, because of an employee’s mistake, companies must identify the source of the leak. When sensitive data is unmonitored, this can prove to be an arduous task, with IT departments often at pains to identify the person responsible for the loss. A long internal audit can lead to an increase in billable hours for cybersecurity experts and a decrease in the productivity of employees as investigations interfere with their daily tasks or the efficiency of their work devices.
Trust is a key factor in the relationship between a company and its customers. When individuals consent for their personal information to be collected and processed by an organization, they expect companies to protect that data and use it for the purposes for which it was needed. When a data breach occurs and that sensitive data is made public or put up for sale, it is a direct betrayal of that trust.
As a consequence, existing customers are likely to search for more secure alternatives and flock to competitors. In the same way, new clients may be deterred from engaging with a company if they find it has suffered data breaches in the past and has thus a proven record of poor security practices. When it comes to SMEs in particular, who are just building their brand, a data breach can be fatal to their fragile reputation.
Mitigating the ill effects of reputational damage is not something that can be fixed by simply adopting stronger security policies to avoid future data breaches. Current and potential new customers need to be informed of these efforts to rebuild trust and for a company’s public image to be rehabilitated. This is done through the work of marketing and PR departments.
Not Just a Niche Concern
As shown above, the effects of a data breach can reverberate into all aspects of a business: from disrupting daily operations and deterring sales to overburdening IT departments and creating extra work for marketing teams. This makes it essential for companies to prioritize cybersecurity and data protection to avoid the costs and disorder data breaches bring with them. Using tools such as antivirus software, firewalls, encryption and Data Loss Prevention can help protect data, but also reduce the costs of a data breach by shortening response times.
It is also essential for business leaders to understand the risks of data breaches themselves rather than to rely on IT departments to shoulder the burden and responsibility alone. Better informed top management can take better decisions and direct company policies from the top down to create a more security-conscious work environment.
Frustrated young business man -DepositPhotos