A data breach can cost a company millions – but how much exactly and why?

In an increasingly interconnected digital world, data is the new Holy Grail – and that holds true for businesses as well. Collecting, processing and applying data can have a tremendous impact on a company’s performance. Yet, the more data companies collect, the more they are likely to become victims to data breaches that see valuable information compromised – and have immense financial repercussions. But how much exactly are data breaches likely to cost a company?

Data Breaches Are an Expensive Affair

Companies nowadays collect and process a variety of data – information on their employees and vendors, data that is essential for day-to-day operations and sales, even data that is used for analytical purposes to determine what they could do to improve their performance. More and more firms are setting up internal policies to ensure data security, ranging from uncovering hidden risks and classifying sensitive data to containing malicious or inattentive users with access rights. Against this volume of data, many companies find that their data security strategies are not elaborate enough to protect them – and they often suffer the financial consequences of a data breach.

Infographic: The Price Tag Attached to Data Breaches | Statista

You will find more infographics at Statista.

According to the 2018 Cost of Breach Study compiled by the Ponemon Institute that surveyed over 2,200 professionals across 477 enterprises in the IT and compliance industry, the average financial damages of a data breach for a company is roughly $3.86 million, with every record costing around $148. An incident impacting 1 million records will end up costing a company roughly $40 million and a data breach that compromises 50 million records can rise up to $350 million. Yet, companies in the US suffer even more: the average total financial losses due to a data breach can reach $7.91 million, while, in Canada and Germany, the same figure is around $4.7 million and falls to $3.68 million in the UK and $2.53 million in Australia.

Mitigating the Impact of a Security Incident Can Have Devastating Costs

A data security incident means that companies have to invest resources and money into first containing and combating the attack – which means increased pressure on finding direct cash flows to battle an emergency. This can put a strain on any company’s financial planning but it is just the tip of the iceberg. Mitigating the impact of the attack can take damages to a whole new level – companies might need to pay back customers and, depending on the type of data stolen, they suffer reputational damage that leads to losing customers and investing money in rebuilding trust in their brand, while they often need to bring their day-to-day operations to a halt until the breach is properly addressed.

This all adds up to one thing: losing money. And the amount of money that needs to be spent to mitigate a security incident can really bring a company to its knees. When the NonPetya malware hit the international shipping and logistics giant Maersk, their IT department had to reinstall over 45,000 computers, more than 4,000 servers and roughly 2,500 applications in just ten days, so that the company could go back to doing business. This meant that Maersk, which sees some 20,000 of its containers pass through a port somewhere in the world every 15 minutes, had to manage 80% of their operations without IT for ten whole days. They saw a 20% drop in volume and invested a considerable sum of money in installing the new infrastructure.

Suffering a data breach can be devastating – but planning ahead, investing resources in proactive preparation for potential hackers, and training employees can greatly help in reducing the risk.