What is the real cost of a cyber breach?
The past 12 months have seen an unprecedented surge in cybercriminal activity, driven largely by the coronavirus pandemic and a rise in eCommerce revenue across the globe.
This has been borne out by a number of different statistics, including increased spending on cybersecurity throughout 2020 as companies worried about the costs associated with a cyber breach. That spending peaked at $123 billion last year, rising in comparison with 2019 despite the fact that overall IT spend fell during the same period.
Foreign exchange company Travelex, for example, was hit by an incredibly sophisticated ransomware attack last year that impacted operations in more than 70 countries. IT services brand Cognizant was also hit by a ransomware attack in 2020, causing data breaches and huge disruption for clients.
In this post, we’ll appraise the true cost of a cyber breach, both from a financial perspective and the damage caused to reputation and brand identity.
The financial cost of a data breach
While it can be hard to quantify the true financial cost of a cyber breach, various organisations have studied this in detail over the course of the last few years.
Take IBM, for example, where researchers analysed the data breaches that took place across the globe in the year ending April 2019. Incredibly, they found that the average total cost of a data breach to a single business is an estimated $3.92 million, with the damage particularly pronounced in western countries such as the US.
In the US, the average cost of a data breach is a staggering $8.19 million, the highest figure of any country across the globe.
These total costs are spread across a number of different areas of business, including the initial detection of the breach and its escalation over time. Then comes the deceptively high cost of notifying people and affected parties of the incident, which may require writing letters or making international calls.
This also ties into the cost of the business’s response, which will definitely include legal costs and may feature gifts or compensation to customers and clients. This is why businesses must respond quickly and effectively to all cyber attacks, regardless of their scale or the impact that they have on daily operations. The right cyber insurance can help businesses to mitigate damage to their brand, as well as covering liabilities and additional costs to deal with customer communication and legal fees.
Of course, companies can also incur huge business losses following a data breach, primarily as a result of subsequent downtime and extended disruption to services.
What about the non-financial cost of data breaches?
Given these inflated and diverse costs, it’s little wonder that businesses are increasingly inclined to invest in cyber insurance as a way of protecting their customers and core financial investment.
Even then, however, there are various non-financial costs to consider when appraising the impact of a cyber attack.
For example, a wide-scale and highly publicised data breach can damage the credibility of the affected business, potentially deterring new and existing customers from interacting with the brand in the process.
This especially applies to breaches that affect customers’ personal and most sensitive data, as they may feel that they cannot trust you with it going forward.
Small businesses may find this particularly challenging, especially if they lack the resources to respond decisively and compensate customers for their loss in one way or another.
At the very least, customers must immediately be reassured that your business is taking the incident in question seriously, while you must also outline clear steps that will minimise the risk going forward.