Definition of a Data Breach: “A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.” (source: ico.org.uk).
$2.1 trillion – the economic cost of data breaches globally
A study by Juniper research back in 2015 estimated that the economic cost of a data breach is set to quadruple to $2.1 trillion globally by 2019 (https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion).
Depending on the nature of the breach, and what data has been compromised, calculating the cost of a data breach in real terms can be quite a complex equation to create (and more often than not, estimations can fall considerably short of the final total). In fact, as reported by Tech Radar last year, since the announcement of the personal data breach by Equifax in September 2017 (announced 2 months after the actual breach occurred), in its SEC filing for Q118 results, the company had incurred a total of $242m of expenses related to the incident and incident and incremental IT and Data Security Costs, of which $68.7m was just in Q1 18*.
The costs of a data breach
- Conducting an investigation into the cause of the breach (a task that may require resource outside of the organisation)
- ascertaining the likely number of data subjects affected
- Organising the response team and executing the incident response plan
- PR and External communication strategy (customers, shareholders, suppliers/vendors, security)
- Legal expenses as well as remediation measures (updating contracts, installing new security software, replacing physical security equipment, reimbursing customers and compensation)
There are also the after-effects to consider when counting the cost of a data breach. This may include, the effect on the share price and share performance in subsequent months (Equifax share price reached levels of approximately $140 between July and 6th September) has never recovered to those levels, in fact dropping to as low as $89 in just under a week post-announcement of the breach. Of course, customers will probably terminate their accounts and move to competitor offerings, and any new business will more than likely be qualified out very quickly.
In some cases, the cost of a single data breach or lawsuit may be large enough to shut down an organization and destroy a career, as numerous news article have reported (one example being https://blogs.wsj.com/bankruptcy/2012/03/12/burglary-triggers-medical-records-firm’s-collapse/)
How can you prevent a Data Breach?
There are a number of measures which you can implement that will help to minimise the risk of being subject to a data breach. This includes (but not limited to) the following:
- Encryption of data (both at Rest and in-motion)
- Training of staff so that they’re aware of their obligations when it comes to Data Protection.
- Updating policies (such as remote working, bring your own device, staff internet usage, USB/external device policy)
- Penetration testing of systems
- Information System Security Assessments
- 3rdparty suppliers/vendor due diligence (and the ability to audit your partners)
Contact email@example.com to discuss how we can help your business.