It is time to shed the “it can’t happen to me” mentality about data breaches. We hate to be the bearers of bad news, but yes, it can. Data breaches are on the rise; in fact, in a study done by Ponemon, 54% of respondents had experienced at least one data breach in the past year.
Despite the reports, many businesses, especially small to medium-sized businesses (SMBs), underestimate the true cost of a data breach. This optimistic bias makes companies a great target for criminals because their systems are not adequately prepared for an attack.
Here are five things to consider about the true cost of a data breach:
With virtualized storage and servers, no breach is a small breach.
Virtualized storage and servers are amazing business tools, but they come with a lot of risk. If implemented insecurely, they present an all-you-can-eat buffet for hackers; with one breach, criminals could have access to a majority of a company’s confidential information.
Virtualization is becoming a necessity to run a business, so you can’t completely avoid the risks, but you can take precautions to protect yourself. A good starting point is to implement foundational security practices such as defense in depth, multi-factor authentication and awareness training.
The loss of customers
If a company loses customer information, its business will suffer; the damage often leads to a loss of customers, business partners, income, and reputation.
Here are three statistics from Ponemon regarding loss after a data breach in SMBs:
- 42% of U.S. respondents stated they “lost customers and business partners”
- 41% of U.S. respondents experienced an increase in the “cost of new customer acquisition”
- 35% of U.S. respondents “suffered a loss of reputation”
Losing your customers is a real possibility after a data breach. Many companies end up having to hire a PR professional to do damage control, and because these professionals step in during a crisis, they can charge high fees.
Another costly form of damage control is offering incentives. In the wake of a data breach, companies often offer coupons or free items and services to keep people loyal.
A good example of how expensive damage control can be is Stratfor’s data breach in 2011. Stratfor, a geopolitical intelligence firm, had a data breach that resulted in 860,000 e-mail addresses and 75,000 unencrypted credit card numbers being stolen. The firm offered to pay for a one-year subscription to identity protection services for anyone affected by the breach and was the subject of a lawsuit.
When BYOD leads to a data breach
A bring-your-own-device (BYOD) policy can lead to a couple of different kinds of data breaches. First, the device can end up in the wrong hands after being lost or stolen. Because of stored passwords, a hacker can then access company information with little work. Second, an angry, terminated employee with company information on his or her computer could leak confidential information.
Despite the risks, BYOD is the way businesses are moving and it does prove to be productive for companies. To protect yourself against a breach, your company needs to have a strict BYOD policy and make sure employees are educated on the issues.
Don’t forget the lawsuits
If your data breach results in customer information being lost, you could lose big in court. Sadly, small businesses can even be ruined by a lawsuit.
This issue calls for more than just digital security. Your company should be up to date on your state’s laws regarding liability and have a liability statement in your client contracts.
Companies need to change their views on internet security. No company is immune to a data breach and companies need to protect themselves and their customers. Don’t be the company that pays attention after it is too late – an investment in security is an investment in the future of your company.