535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

October 30, 2017

Breaking Down the Total Cost of a Data Breach

Getting hit with a data breach is a bit like getting into a car accident. It’s common to think it will never happen to you, until it does and you are left to deal with the consequences — and, of course, the financial repercussions.

Here is a breakdown of what you will have to pay following a data breach:

Remediation: On average, it takes 46 days to resolve a cyberattack at a cost of $21,555 per day. This is a total cost of $973,130 just on remediation alone. During this phase, critical equipment may need to be turned off or moved offline, which can impact customer-facing services or important backend processes. The source of the breach will also need to be identified and contained which can take a lot of time and force you to pay IT staff overtime. Remediation is typically one of the most expensive parts of a data breach.

It’s not the only thing you will have to pay for, though. You can also expect to lose money on:

Notifications: Customers, employees, attorneys, partners and law enforcement will all have to be alerted of the data breach within just a few hours after its initial discovery. This takes time, and money — and it can pull employees away from important projects they are working on, thus hindering productivity.

Legal costs: Consider this: Attorneys representing banks and other financial companies were awarded $15.3 million in litigation fees after Home Depot’s 2014 data breach — as well as an additional $710,000 in expenses and $2,500 in awards for class representatives. Attorneys, in other words, don’t work for free — and they are essential for navigating the slew of legal complications that will arise after a breach.

PR: A data breach is a public relations nightmare, and the incident may require you to consult with a third party company offering PR services for customer and media relations. Again, this type of service is not free.

Lost customers: As we explained in a recent article, 64 percent of customers are unlikely to do business with a company after having their financial or sensitive information stolen. So don’t expect all of your customers to keep doing business with your company after a breach.

So as you can see there are both direct and indirect costs associated with a data breach. These are just of the few of the many expenses you can expect to face after an incident.

Instead of getting blindsided by a cyberattack, and dealing with the financial fallout, it makes much more sense to be proactive about cybersecurity maintenance. By spending money on employee cybersecurity training, or ongoing computer maintenance from a managed services provider, you will pay significantly less in the long run.

Consider this:

According to one estimate, the average cost of a data breach is $3.62 million. The average number of compromised documents in a data breach is 24,089. Having an incident response team on hand can save $19 per record, or $457,691 per breach. Extensive use of encryption can save $16 per record, or $385,000 per breach. And having board level involvement can save $5.10 per record per breach, or $123,000 per breach.

Apex Technology Services can work closely with your organization to provide the ongoing education, guidance and support it needs to avoid costly security incidents. Ultimately, Apex can help you build a strong cybersecurity culture.

Here are the fundamental elements of a cybersecurity culture:

1.    Cybersecurity training must be done regularly.

2.    Auditing and documentation must be performed regularly to ensure systems are secure.

3.    Anomaly detection should be running constantly to detect threats as they emerge.

4.    Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.

5.    Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

6.    An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.

Related Articles