After its massive data breach, Equifax estimated that its related costs would total $439 million by the end of 2018—but the real costs could be upwards of $600 million after dealing with government investigations and civil lawsuits. While this could be the most expensive data breach in history, the sheer volume of records drove up the costs exponentially.
Data breaches are costlier than most people think—and the cost keeps on growing. The Ponemon Institute's 2018 Cost of a Data Breach Study found that the average cost of a data breach is $3.86 million, an increase of 6.4% over 2017. According to the overall findings from the study, data breaches continue to be costlier and result in more records being stolen year after year. And no matter the size of a company, records are at risk.
Data breaches are the most expensive in the US and Canada, averaging $233 and $202 per capita, respectively, according to the Ponemon Institute. While cost fluctuates across industries and countries, the numbers clearly show a dire truth: data breaches cut into a company’s profits, often deeply.
But the real cost of data breaches goes much deeper than just the data lost; factors at play include missed opportunities, lost customers, and costs associated with remediating the data breach. In addition, certain factors like third-party involvement can increase the cost of data breaches. Let’s explore some of the additional costs.
Customer Churn Rate Increases
The Ponemon Institute found that in 2018, more organizations worldwide lost customers after a data breach. While there is a monetary cost associated with existing customers, there is also a missed opportunity cost attached, one that cannot be calculated but could be exponentially more than the calculated cost of losing existing business. The brand name suffers, and it can take years to remove the stain of a data breach from the minds of customers. The Ponemon Institute estimates that US companies pay the highest price for losing customers, at $4.20 million per breach.
Size of Breach and Time to Detect Drive Up Costs
It makes sense that, the larger the breach, the more expensive it is. But the time to detect the data breach also drives up costs. While the Ponemon Institute found that organizations have reduced the time it takes to detect a breach from 201 days in 2016 to 197 days in 2018, overly complex system architecture (think: patchwork systems and ad hoc file transfers via consumer-grade file sharing services), as well as BYOD, can increase the cost of data breaches and make them harder to detect and remediate.
Detecting and Escalating Data Breach Incidents Requires Outside Services
These costs can include everything from forensic and investigative services to find where the breach originated to assessment and audit services, crisis team management (including public relations), and communicating to executive management.
Internal Services Will Be Needed
In addition to external services that companies will need to contain the data breach and prevent future breaches, they will also need to make significant internal investments to prevent a repeat of the incident. And the likelihood of a breach happening again continues to increase: the likelihood of a recurring data breach is 27.9%.
This can include governance, risk management, and compliance (GRC) programs to create the framework that will allow the organization to meet regulatory requirements, as well as investments in technology to block malicious actors. If the organization is using overly complex systems, the technology investments should include standardization and simplification, such as a unified, secure managed file transfer platform.
Post Data Breach Costs Add Up
Establishing and staffing a help desk, providing identity theft prevention services, handling inbound communications, special investigations, remediation, product discounts, and regulatory interventions can all add up. The United States has the highest notification costs for informing customers that their data has been compromised.
Additionally, if companies do not fully understand the scope of the data breach and compliance failures and rush to notify customers without engaging consultants, the cost of the breach can increase exponentially. Lawsuits can also drive up data breach-related costs, particularly if negligence can be proven easily. And no matter what, insurance costs will increase.
Breaches Caused by Malicious Actors Are Costlier Than Mistakes
The average cost of a data breach caused by a hacker was approximately 22 percent higher than a data breach caused by system glitches, human error, or negligence, according to the Ponemon Institute.
The real cost of data breaches extends far beyond just remediating the breach itself. Associated costs like third-party services and internal programs add to the expense. Depending on the size and scope of the data breach, as well as the method by which the company was breached, the costs could be much higher than anticipated.
To learn how to improve data security, check out "The Hidden Dangers of Everyday Information Transfer." Also, to learn why API security is so important, check out our post on API Security: More than Just a Throttling Policy.
About the Author
Lori Angalich is the VP of Marketing at Lightwell. She loves exploring new technologies and business models, learning how things work, solving problems, and developing new ideas with others. She has a Bachelor of Science in Biology and an MBA in Marketing, and she enjoys applying her knowledge from both each and every day. Lori has a passion for travel, art, wine, music, wildlife (including her two dogs, who are a bit on the "wild side"), and most of all, creating great memories with her family.