IBM's Annual Cost of a Data Breach Report is out, and the results align with what many people already know: Data breaches have not only become more common, they have also become more costly.
It's the continuation of a costly trend that's impacting companies and consumers with frightening regularity, and businesses that aren't planning to protect their data security aren't looking out for their customers' best interests or their own bottom lines.
The report found that the average data breach will cost companies $3.92 million. Even small businesses, which operate with more modest budgets and more limited data sets, can expect upward of $2 million in expenses that continue to plague companies years after a data loss.
Of course, data breaches are a bottom-line issue in many ways. Consumer sentiment is quickly shifting toward accountability for data privacy, which means that the less quantifiable reputation cost is just one customer-facing consequence of a data loss event. At the same time, global regulatory bodies have begun holding companies accountable for that data security, increasing the importance of getting this right.
Therefore, as we head into 2020, protecting the bottom line means understanding the risks of a data breach, and this information must lead to a comprehensive approach to data security that accounts for the most prominent risks.
The many ways that data loss costs companies
In many ways, data is the most valuable resource of the digital age. It's the lifeblood of digital platforms that rely on this information to provide compelling, intuitive and seemingly magical online experiences.
With 2.5 quintillion bytes of data created every day, it's also not in short supply. For decades, companies collected copious amounts of personal information with impunity.
No longer. Today, company data sets are sitting ducks for criminals and bad actors, and this data loss is expensive, hitting a company's bottom line in several ways.
1. Consumers demand data security.
A data breach is bad for any company, but it most prominently impacts the customers who involuntarily lost control of their personal information.
Customer information is often the prize of a data heist, and recent surveys show that consumers are unwilling to spend their money with companies that can't protect their personal data. For instance, 74% of Australians identified a company's data security initiatives as an important metric in their buying decisions, and 43% indicated that they would never return to a brand after a data breach. Globally, that number is even higher. A survey by Gemalto, the world's largest manufacturer of SIM cards, found that "a majority (70%) of consumers would stop doing business with a company if it experienced a data breach."
To put it simply, for many consumers, forgiveness is not an option. Since consumers have little control over how companies manage, store and use their personal data, they are using their wallets to support platforms that promote data security.
Clearly, this is terrible news for a company's bottom line. While major corporations like Facebook, Capital One and Equifax have faced significant blowback from data breaches, their deep pockets keep them afloat while they weather the storm. Many small and midsize businesses aren't so fortunate. A joint report issued by Cisco and the National Center for the Middle Market found that 60% of small companies fail within six months of a data breach.
In 2020, every company should strive to solidify their customers' confidence by putting their best foot forward with their cybersecurity initiatives. If not, many customers won't ever return after a data disaster.
2. Regulatory bodies impose fines.
Privacy regulation is on the rise. Europe's General Data Protection Regulation (GDPR) is the most expensive and recognized expression of this priority, but increased regulation is undoubtedly a global trend.
More than 80 countries have data privacy regulation on the books. These laws strive to set a standard for data management, and they carry significant financial implications for companies that don't comply.
In its first year, GDPR fines exceeded $57 million, a significant sum that looks small compared to this year's penalties. GDPR-specific fines can reach 2% to 4% of annual worldwide revenue, which means that any company doing business with a European national could face significant penalties for failing to protect their customers' data. British Airways, which paid the full 4% of annual worldwide revenue, was issued a $230 million fine for its data breach that impacted 500,000 customers.
Of course, Europe isn't the only one extending fines and penalties. In July, the Federal Trade Commission (FTC) announced a $575 million settlement for credit monitoring company Equifax in response to the company's 2017 data breach that compromised the personal information of 140 million people.
Collectively, fines for major corporations exceed $1.23 billion, making regulatory oversight a serious threat to any company's bottom line.
3. Repair and restoration expenses rub salt in the wound.
Despite a company's best response plans, recovering from a data breach is incredibly expensive. Depending on the nature of the breach, companies are on the hook for acquiring third-party security consultants, attaining new hardware and providing supportive services for customers impacted by the breach.
Capital One, the latest large corporation to endure a data breach, expects to pay $150 million in credit monitoring services alone, with cascading costs continuing for years to come.
Moreover, for companies working in tightly regulated sectors like healthcare, financial services and energy, the long-tail costs of a data breach can extend as companies pay to update their cybersecurity initiatives to address the cause of the data breach. Data breaches have financial implications from many angles that significantly threaten companies' bottom lines.
Fortunately, your organization isn't powerless when it comes to protecting customer data, and significant financial pain doesn't have to be lurking in your company's future.
How to protect customer data
Data security is a daunting task for any company, to be sure. IT professionals have to be perfect while cybercriminals and bad actors only have to get lucky once to wreak havoc on an institution's data. Therefore, every organization needs to pursue the right priorities to ensure their resources are directed at the appropriate vulnerabilities in an ever-changing threat landscape.
In other words, focus on the most controllable elements of your cybersecurity initiatives. Insider threats, both accidental and malicious, contribute to a significant number of data loss events, and companies can mitigate these threats with software solutions.
The 2019 Data Protection Report by Shred-it found that human error was the leading cause of data breaches in the legal sector, while 15% of U.K. employees would steal company data for as little as $1,260 and would sell intellectual property for $315 or less.
Monitoring software with built-in automation can help companies control this data. Some of its abilities include
- Identifying employees who are likely to steal company data
- Restricting access to sensitive information, ensuring that all employees have access to company data on a strictly need-to-know basis
- Sending real-time alerts before a data loss event occurs
Most importantly, these functions are automated, lessening the management burden for cybersecurity professionals while ensuring that your data landscape is accounted for. When coupled with endpoint data loss prevention software, monitoring software can give IT administrators a jump on emerging threats and position them to stop a breach before it occurs.
External threats remain a prominent problem, but by focusing on internal threats, organizations address their most controllable security vulnerability, lessening the likelihood of a devastating data breach.
Finally, implement top-down cybersecurity protocols to protect company data. Privileged users are as much of a risk as other employees, and, when it comes to protecting company data, what's good for the goose is good for the gander.
Data breaches don't respect position or credentials, and everyone needs oversight to ensure that information is safe and secure. Notably, accidental breaches incited when employees click on phishing scams are shockingly common, and the right automated boundaries can defend against threats at every level.
Closing thoughts
When IBM releases the 2020 Cost of a Data Breach Report, it's likely to detail more escalating expenses for companies and their customers. It's clear that to protect bottom lines in 2020 and beyond, data security has to be top of mind for every organization.
Breaches cost companies on many fronts, and the risks never entirely dissipate. Don't let the immense challenge discourage action. Prioritize data security by focusing on the most controllable threats, and implement the security strategies that can mitigate those threats.
Evaluate your cybersecurity initiatives, and take the steps to fully secure your company's data. Your bottom line depends on it.