It may sound like science fiction, but if businesses such as Equifax, LastPass and Deloitte (to name just a few) can get hacked, then any business is a potential target. Just to throw in some numbers, in 2016 alone there were 4.2 billion records stolen due to data breaches, and these are only the ones that have been publicly announced by companies.
Along with quantifying the number of records stolen, how much can a data breach cost a business? According to a Ponemon Institute analysis sponsored by IBM, the average total organizational cost of a data breach reached a new high in 2017 with $7.35 million, up from the $5.40 million recorded in 2013, and up 5% when compared to 2016.
According to the study the average cost for each lost or stolen record containing sensitive information increased to $225 from $221. That’s a 2% increase in cost per record. Hackers obviously target higher-value targets like health records, which may be worth as much as $50 on the black market for a complete record. A credit card or social security number, meanwhile, will only sell for as low as $1.
What makes the stolen data valuable? The potential to social engineer the person whose information was sniffed during the breach.
Certain industries are more prone to hacking, too: financial, life science, health, technology and service organizations all experience a relatively higher rate of data breaches compared to the public sector or entertainment organizations.
This means that in the health industry, for example, the cost of a breach can reach as high as $380, with the financial sector coming in at $336. Compare this to the public sector, where the cost of data breach is only $110, according to the Ponemon study.
The average cost of a data breach includes direct and indirect expenses that the organization incurs as a result. Some examples of these are:
- Forensic experts
- Outsourcing hotline support
- ‘Apology’ services, such as free credit monitoring subscriptions and discounts
- In-house investigations
- Extrapolated value of customer loss
What Can Small Businesses Do to Protect Themselves?
Don’t fall into the trap of thinking that the data your business collects is not valuable: a business’s treasure trove is the data that employees collect. Small business owners need to understand the exact value of the data that they have and what would be of value to hackers if a breach did occur, as well as ensuring they protect the high-value personal data of their employees. As a first step, SMB owners should be aware of where this data is stored and start personalizing security programs and access levels with the protection of this unique and valuable information in mind.
How Can Business Owners Reduce Breach Costs?
This is where the Ponemon study is helpful once again since it identifies a pattern for the surveyed U.S.-based small businesses: 52% of incidents involved a malicious or criminal attack, 24% were down to negligent employees and another 24% were due to system glitches that included both IT and business process failures.
Also, this security risk increases if employee password management is not controlled. Just think about the weak passwords that most people create – thanks to the pattern called transformations – and the unfortunate habit of re-using that same password for numerous different accounts.
In order to address these issues and lower the security risk, there are just a few simple things to keep in mind: have a good password policy, educate employees on the latest cyber security threats, and monitor the network and data assets for vulnerabilities.
Best Password Managers of 2019