When you begin to estimate the true cost of a data breach, you most commonly think in terms of dollars and cents. For example, Target’s 2013 data breach reportedly cost the company $186 million; Sony Pictures will spend an estimated $35 million in investigation, remediation, and IT repairs for its hack; Home Depot spent $43 million in just one quarter; and the Anthem data breach may smash the $100 million barrier (congrats!). Getting hacked is expensive. The Ponemon Institute’s 2014 Cost of Data Breach Study estimates the average data breach costs U.S. companies $195 per record lost, amounting to $5.85 million per breach.
The dollars and cents certainly add up. But the steep financial burden isn’t the only one your company faces when an intruder enters the network. When organizations get hacked, there are numerous long-term effects to consider, and they may come unexpectedly.
The true cost of a data breach includes:
A system destroyed must be rebuilt. Nowhere is this truer than when talking about the infrastructure of your business. Included in Sony’s stolen data were hundreds of files containing employees’ login details and other personal access information. That means every staff member had to change every login and that every server had to be re-keyed. Think of how long that would take within your organization, and then multiply that by the sheer size of Sony’s. That time spent rebuilding internal systems equals additional dollars. According to one analyst, the cost of rebuilding Sony’s computer systems could total $83 million. That’s just IT costs, not factoring in other productivity losses related to breach cleanup. Do you know what us normal folk could do with $83 million?
Loss in Business Opportunities
You’re about to do a major business deal, and you send one of your top executives cross country (we’ll call him Jack) to seal the deal and sign the papers. The meeting couldn’t have been a bigger success. Everyone is jazzed and the potential client is ready to sign. On the way back, Jack sends confidential information about the deal over an unsecure Wi-Fi network at the airport, unknowingly comprising his device and the financial information of each one of your clients. You need to notify all clients immediately, including the very lucrative one you just met with. Before Jack is even back in his home office, the deal is off. So are dozens of other deals by clients angry that you didn’t protect them, as well as potential clients who were also notified.
This is a loss in business opportunity, and it’s what happens when you fail to protect those who trust you to keep them safe. Four in ten small business owners and at least two of every ten C-suite executives think lost or stolen data won’t seriously impact their business, but we doubt their business partners would agree.
Loss in Consumer Confidence
When you sell direct to consumers, it’s not just partners whose trust you risk losing, you also risk consumer confidence. The breach of Target had a direct result on consumer confidence, which could be seen in Target’s sales numbers after the breach. According to the Washington Post, the company’s profit plummeted by almost 50% in the months after the breach, falling by more than a third by the end of 2013. Target didn’t begin to rally until the end of 2014. How would your business fare if your sales were cut in half for a year? Would you still be around?
Why Not Prevent It From Ever Happening?
In truth, it’s hard to quantify the trust cost of a data breach because there are simply too many factors. Will employees begin to have doubts in the company? Will talented recruits choose other options? Will a client who would have partnered with your company second guess that decision? You’ll never know for sure.
What we do know is that rebuilding after a data breach is far more expensive than developing a strong security awareness training program in the first place—one that may have helped you prevent the breach altogether. When you consider that the price tag on a data breach is likely to equal millions of dollars in repairs, creating a habit of security doesn’t just seem like common sense, it seems like good business cents, too.