The true costs of a data breach

November 28, 2012 by Secure360 and UMSA

It is time to shed the “it can’t happen to me” mentality about data breaches. We hate to be the bearers of bad news, but yes, it can. Data breaches are on the rise; in fact, in a study done by Ponemon, 54% of respondents had experienced at least one data breach in the past year.

Despite the reports, many businesses, especially small to medium-sized businesses (SMBs), underestimate the true cost of a data breach. This optimistic bias makes companies a great target for criminals because their systems are not adequately prepared for an attack.

Here are five things to consider about the true cost of a data breach:

With virtualized storage and servers, no breach is a small breach.

Virtualized storage and servers are amazing business tools, but they come with a lot of risk. If implemented insecurely, they present an all-you-can-eat buffet for hackers; with one breach criminals could have access to a majority of a company’s confidential information.

Virtualization is becoming a necessity to run a business, so you can’t completely avoid the risks, but you can take precautions to protect yourself. A good starting point is to implement foundational security practices such as defense in depth, multi-factor authentication and awareness training.

The loss of customers

If a company loses customer information, its business will suffer; the damage often leads to a loss of customers, business partners, income, and reputation.

Here are three statistics from Ponemon regarding loss after a data breach in SMBs:

  • 42% of U.S. respondents stated they “lost customers and business partners”
  • 41% of U.S. respondents experienced an increase in the “cost of new customer acquisition”
  • 35% of U.S. respondents “suffered a loss of reputation”

Damage Control

Losing your customers is a real possibility after a data breach. Many companies end up having to hire a PR professional to do damage control, and because these professionals are brought in during a crisis, they can charge high fees.

Another costly form of damage control is offering incentives. In the wake of a data breach, companies often offer coupons or free items and services to keep people loyal.

A good example of how expensive damage control can be is Stratfor’s data breach in 2011. Stratfor, a geopolitical intelligence firm, had a data breach that resulted in 860,000 e-mail addresses and 75,000 unencrypted credit card numbers being stolen. The firm offered to pay for a one-year subscription to identity protection services for anyone affected by the breach and was the subject of a lawsuit.

When BYOD leads to a data breach

A bring your own device (BYOD) policy can lead to a couple of different kinds of data breaches. First, the device can end up in the wrong hands after being lost or stolen. Because of stored passwords, a hacker can then access company information with little work. Second, an angry, terminated employee with company information on his/her computer could leak confidential information.

Despite the risks, BYOD is the way businesses are moving and it does prove to be productive for companies. To protect yourself against a breach, your company needs to have a strict BYOD policy and make sure employees are educated on the issues.

Don’t forget the lawsuits

If your data breach results in customer information being lost, you could lose big in court. Sadly, small businesses can even be ruined by a lawsuit.

This issue calls for more than just digital security. Your company should be up to date on your state’s laws regarding liability and have a liability statement in your client contracts.

Companies need to change their views on internet security. No company is immune to a data breach and companies need to protect themselves and their customers. Don’t be the company that pays attention after it is too late – an investment in security is an investment in the future of your company.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise include physical security, IT, risk management, cybersecurity, cloud, information security and records management.
