How Much Could a Data Breach Cost Your Company?

By Beth Kotz, Jun 27, 2017

As businesses increasingly adapt to the realities of modern technology, data security has become a critically important component of any successful business plan. Business runs on data – whether it’s financial records, credit card numbers, medical records, email addresses or anything in between – and companies that fail to adequately protect that data leave themselves and their customers exposed to tremendous risk. As high-profile incidents at Target, The Home Depot and other large companies have shown, data breaches can incur millions of dollars in expenses and damage the trust of consumers. Below is a more detailed look at the true cost of a data breach, as well as best practices for keeping digital data safe and secure.  

Financial Impact 

According to the Ponemon Institute’s 2016 Cost of Data Breach Study, data breaches hit the United States harder than any other country. The average data breach in the U.S. cost companies a staggering $7.01 million in total. On a per-capita basis, American companies again pay the heaviest toll with an average cost of $221. These costs arise from a number of sources, including remediation and customer service costs, legal fees and fines, increased customer turnover, rising customer retention and acquisition costs and more.  

Public Perception 

A deeper – if less immediate – cost to businesses following a data breach is a loss of public trust and goodwill. In the aftermath of a data breach, customers often see the targeted company as less trustworthy and less secure. A 2016 study by the cybersecurity firm FireEye revealed that three-quarters of customers say they would opt to take their business elsewhere in the event of a data breach, and nearly as many say they would be less likely to share personal information. The study also shows that typical response measures following a breach, such as offering free monitoring or compensation, are often ineffective in restoring trust and goodwill, reinforcing the importance of preventing a breach from occurring altogether.

Consumer Concerns 

A data breach is a heavy blow from the perspective of a business, but its customers often suffer as well. Many affected customers must endure the hassle and cost of reporting the compromised data, applying for and obtaining new credit card and bank accounts and vigilantly monitoring for further suspicious activity in the future. Customers may also suffer damage to their credit as a result of a breach, particularly in the event of identity theft. Rebuilding a damaged credit score is a lengthy process and customers may have their financial standing significantly upset in the meantime.

Best Practices for Data Security

The good news for businesses is that, despite the ever-evolving threats from hackers and other entities, many data breaches can be prevented by implementing a basic cyber security plan. The first step is to retain only the data that is absolutely essential to business operations. Access to both physical and digital data should be strictly controlled, and employees should be thoroughly trained in proper data handling and security practices. All software should be promptly patched and kept up-to-date, and point-to-point encryption should be implemented for any sensitive data channels. Finally, payment networks should be segregated from wider networks in order to limit access.

Though there are no foolproof practices, a comprehensive data security plan is an essential part of any modern business. Effective data security depends on being proactive. In fact, according to a case study by The SANS Institute, the $260 million Home Depot breach – and many others like it – could likely have been prevented by simply implementing point-to-point encryption (P2PE) and properly segregating payment networks.

A data security breach is a devastating event for both businesses and their customers. It can cost millions of dollars, negatively impact public perception and leave customers exposed to identity theft and ruined credit scores. Breaches pose a danger to businesses of all sizes, but small and mid-sized companies are especially at risk. The loss of goodwill and reputational risk is difficult to overcome, making prevention all the more important. By creating a comprehensive cyber security plan and implementing the steps outlined above, businesses can be better prepared to face the realities of modern data security.

About the author

Author photo

Beth Kotz is a freelance writer and contributor for numerous home, technology, and personal finance blogs. She graduated with BA in Communications and Media from DePaul University in Chicago, IL, where she continues to live and work.


Unbiased Actionable Insights

Accelerate your organization’s journey to analytics maturity

Get the data sheet to learn how the Research & Advisory Network advances analytics capabilities and improves performance.

Download data sheet »

Become a Research & Advisory Network Client

Get answers to your toughest analytics questions with IIA's Research & Advisory Network.