fbpx

How much does a data breach really cost?

//March 30, 2015//

Home>News>

How much does a data breach really cost?

How much does a data breach really cost?

//March 30, 2015//

Listen to this article

A flip through the news headlines shows that data breaches are increasing in frequency and severity, but it’s the recent privacy and security studies that are making companies face the facts by numbers.A flip through the news headlines shows that data breaches are increasing in frequency and severity, but it’s the recent privacy and security studies that are making companies face the facts by numbers. The 2014 Ponemon Global Report on the Cost of Data Breach benchmark study found that data breaches cost organizations on average $7.6 million and that there was a 10.4 percent net increase in breaches in the past year. 

To better understand your organization’s cyberrisk, it is important to analyze this study in proper context, taking into consideration the size of your business, industry, geography and regulatory environment to name a few. Large organizations in the retail, healthcare, financial and hospitality sectors have suffered significant privacy and security incidents. However, certain industry data suggests that the cost per incident, for these industries, may actually be decreasing due to implementation of improved risk management practices.

Click here to read more Industry Insights 

According to Aon’s Global Risk Insight Platform, an industry leading global repository of risk and insurance placement information, 80 percent of data breaches result in less than $1 million in costs and damages. A further breakdown of costs include:

  • Legal defense: $698,797
  • Crisis services: $366,484
  • Legal settlement: $558,520
  • Business interruption: $639,462
  • Event Management: $725,000

It is important to note that the average insurance payout is approximately $3 million. This is typically because loss of brand reputation and future lost sales after the business interruption is fixed are generally not covered by insurance.

Only after the recent attack on Sony have industries outside of retail, finance, healthcare and hospitality started to purchase privacy and security insurance in material numbers. Even still, less than 10 percent of smaller entities – those classified as generating less than $100 million in annual revenue – actually purchase privacy and security insurance even though risk and exposures continue to increase as technology swiftly advances.

Get to Planning

Organizations should take a fresh look at their evolving cyber exposures and solutions to help weather a storm if a breach occurs.  Here are a few tips to get started:

1. Conduct Pre-Breach Education and Planning

It’s important to look at pre-breach planning. Proper planning could impact a company’s ability to respond to a breach.  A key component of planning is company-wide education. It is not just about the IT personnel.  Education should occur from the board to the basement.

2. Develop an Incident Response Plan

An incident response plan outlines responsibilities, procedures, and a decision tree at a high level if a breach occurs. It’s important to keep a response plan fresh, as technology and the cybercrime landscape continue to evolve. The plan should consider issues at an enterprise-wide level, not just IT security. This includes policies and procedures, employee training and the allocation of liability in contracts with the insured’s partners, vendors and supply chain.  The plan should clearly identify cross-departmental responsibilities.

3. Create a Breach Business Continuity Plan

A company is advised to take a hard look at its capability to recover from a breach. Organizations have business continuity plans in place to weather physical perils that shut down operations. The same should be in place for cyber incidents that bring operations to a halt.  This means augmenting a company’s business continuity plan to address technology breaches and the responses required to maintain operations. 

4. Review or Implement Cyber Insurance

Conduct an assessment to determine the potential need for additional coverage. This can encourage an open dialogue about opportunities to shore up systems and procedures. It can also help identify holes in processes and protocols as well as gaps in insurance coverage that potentially could be filled with cyber insurance.

The range of potential losses resulting from a data breach varies dramatically based on a number of factors, including industry, size, network risk mitigation strategies and the use of outsourced third party providers. Be diligent and aware of your organization’s true exposures and risk, taking the proper steps to  prepare and help protect your bottom line.

ALSO ON THE NJBIZ “INDUSTRY INSIGHTS” BLOG:


How the business community can lead the way to a healthier New Jersey

PARCC test is career prep

Should corporations give?

Latest Headlines

NJBIZ Conversations

OceanFirst Financial CEO Christopher Maher speaks with NJBIZ Editor Jeff Kanige on Sept. 20, 2023.

NJBIZ Conversations: Chris Maher

The chair and CEO of OceanFirst Financial analyzes the factors driving the economy now, and identifies ar[...]

Events

Business and military

Introducing the inaugural NJBIZ Veterans in Business honorees (updated)

26/9/2023
NJBIZ 2023 Forty Under 40

NJBIZ 2023 Forty Under 40

25/9/2023
Female executives

Introducing the 2023 NJBIZ Best 50 Women in Business

13/9/2023
Employees in a meeting

Introducing the 2023 NJBIZ Forty Under 40 honorees

10/8/2023
Best places to work

New Jersey’s Best Places to Work, 2023 (updated)

12/7/2023