The Average Cost of a Data Breach

By: Jordan Millwood, Staff Accountant

Technology offers an abundance of benefits and resources to our lives every day, however, it has become impossible not to recognize the dark side of technology. Despite the publicly known string of recent data breaches, large companies are not the only ones who fall victim to cyberattacks. The effects for large corporations are immediate as stock prices fluctuate and consumers lose trust in the brand or services, but the consequences for smaller businesses are even more staggering. Companies cannot afford to ignore the risk they face from cyber threats, no matter the company size.

A 2016 Denver Post article details a study that 60% of small businesses close within six months after a data breach as financial recovery becomes fiscally impossible. According to a 2018 IBM study, the average cost of a data breach has risen almost 7% between 2018 and 2017 to a whopping $3.86 million. The study also showed the “average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8% year over year to $148.”

Cisco CEO John Chambers states “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked.” Because of the monetization of personal data, even small companies bear risk that employee social security numbers or passwords will be breached. Hackers seek vulnerable targets to exploit and small to medium-sized companies are often targeted because they may not have the resources to establish a robust information security system or they do not believe that they are a target in the first place.

Take the 2016 case of General Linen Services Co. vs General Linen Services, LLC: one linen company was found guilty of hacking the other to obtain client data and lure customers away. The hack was made possible because both businesses used the same third-party vendor to store customer data and that vendor used the same password for both companies. Though this case shows information security is not always in the control of the company, it shows that any company could be a victim.

How can companies, especially ones lacking resources to pour into IT security, protect themselves? To start, implementing multifactor authentication, token-based protection like physical security keys and employee awareness campaigns are all vital. Employees being proactive, aware and vigilant of potential scams are your first line of defense.

However, to truly be in control and protect your company, a SOC for Cybersecurity assessment can help. Our IT Risk Assurance & Advisory team can help ensure your cybersecurity risk management program is effective in minimizing opportunities for a breach. The assessment is a great framework to evaluate the effectiveness of a company’s cybersecurity risk management program and design controls to detect deficiencies and insufficient policies and procedures. Contact our team today to learn more about this service.

Ultimately, the first thing all companies need to do is to accept that no matter the line of business or size, ignoring the costs of falling victim to a data breach may be a bigger risk than they can afford.

Contact Us