When security gurus discuss an enterprise data breach, they talk about how it can cost a company somewhere between a few hundred dollars and millions of dollars per record – that’s each single record. Even at the low end of the spectrum, a data breach exposing just a few dozen records can be devastating, particularly for small companies with limited financial resources.
While it’s a staggering figure, and it does provide companies with some incentive to protect sensitive data, it’s still not a complete picture of the true costs of a data breach. Here’s a look at what goes into this number and what constitutes the real cost of an enterprise data breach.
Whether you’re pursuing the hacker for financial damages or you’re being sued by clients because their personal information was stolen, a data breach can mean an expensive lawsuit. Not only will you have to pay lawyers to represent your company in court, but management and other personnel will have to spend time creating a defense, conducting research and testifying in the courtroom. All of these tasks are time-consuming and take personnel away from core and essential business activities.
Companies face an ethical quandary when they find out that their software infrastructure has been breached, especially when customer data is accessed or leaked. If businesses inform customers of a breach, or even a suspicion of a data breach, those customers can then take steps to block bank accounts, change account numbers, and monitor for suspicious activity.
But a company can also lose customers by making it known that sensitive personal information has been stolen. This, unfortunately, leads some companies to believe that the best approach is to stay quiet. But this can actually lead to more damage in the long run, creating a sense of distrust among consumers – especially in cases in which a customer’s identity is stolen and the root cause is eventually traced back to your company. Honesty is the best policy, but plan to come forward with measures you’re taking to rectify the problem and offer customers a discount, reward, or some type of support to compensate for potential damages.
After a company has been the victim of a data breach, the loss of business can force a workforce reduction. Laying off staff or closing departments is the last thing an enterprise wants to do, but some even end up closing their doors completely if they’re not able to recover from the domino effect of a data breach. The combination of lawsuits, loss of business and loss of competitive advantage can sometimes be too much for a company to overcome.
Existing customers may understand and remain loyal to the company if word gets out that the business suffered a data breach. This does not mean that any damage to the company’s reputation has been avoided.
Unfortunately, data breach prevention isn’t a 100-percent guarantee, but you can drastically reduce the likelihood of a breach by using proactive security measures. Undertaking these measures – and being able to prove you have adequate systems in place – is often the key to maintaining customer loyalty. The reputation fallout from a data breach can take years to repair, even with your best efforts to make it right with your customers.
The real cost of the enterprise data breach isn’t always easy to determine. A specific fallout or negative impact might not be readily linked to a data breach, and the effects can linger long after the initial breach occurs. And if you’re not aware that a breach has occurred, you’re not prepared to handle the fallout. Potential lawsuits, loss of customers, damage to reputation and possible downsizing are costs that will vary from company to company. No matter what the final dollar figure, the truth is that no enterprise can truly afford a data breach.