Data breach costs should no longer come as a surprise to any company; in fact, you should be budgeting for data breach expenses just as you would any other expected expense. That’s one of the key messages to come out of the Ponemon Institute’s latest edition of its now-indispensable annual “Cost of a Data Breach” report.
“Since first conducting this research, the cost of a data breach has not fluctuated significantly,” Ponemon notes in the report. “This suggests that it is a permanent cost organizations need to be prepared to deal with and incorporate in their data-protection strategies.”
The report, sponsored by IBM, notes that the average cost of a data breach is now $7 million, and $221 per compromised record. With numbers like those, it’s easy to extrapolate the financial impact of a data breach. However, there’s more; loss of business is the biggest financial consequence of a breach, Ponemon’s report notes. Loss of business can equate to a life-threatening loss of consumer loyalty and brand credibility.
Businesses need to be proactive about planning for data breach costs, and take steps to mitigate those costs before a breach ever occurs. We can draw several important cost-reduction steps from Ponemon’s report, including:
- Have an incident-response plan and team in place. Preparing a plan and your people ahead of time can reduce the per-record cost of a breach by nearly $26, Ponemon found.
- Make extensive use of encryption. Protecting data through encryption decreased per-record costs by $18.90.
- Train employees in data-breach prevention and response. Employee training can trim more than $15 off the per-record cost of a data breach.
- Engage your business continuity management (BCM) people. Involving BCM or data loss prevention (DLP) teams can reduce per-record costs by $13.30 and $11.60, respectively.
- Get insurance. Companies with data breach insurance experienced per-record costs that were $8.60 lower than the average.
- Plan for the impact of indirect costs. Indirect costs such as customer churn account for the largest portion of the overall per-record cost of a breach — $145. Your data-breach response plan needs to incorporate critical consumer-facing components designed to ease the frustration and fear consumers often feel following a breach. Your plan should detail superior customer service tactics, strategies for clear and concise communication with affected consumers, and templates for notification letters that are informative and compassionate.
- Plan for direct costs. Consumers are also at the core of direct data-breach costs, which account for $76 of the average per-record cost. Properly planning ahead for indirect costs can also help decrease direct costs, as those are the expenses associated with minimizing the consequence of a breach (such as hiring forensic experts to investigate) and caring for affected consumers (through measures such as offering identity-theft protection).
In light of the factors that drive the largest portion of breach costs, the importance of post-breach consumer care can’t be overstated. Ponemon found that companies that successfully reduced customer churn following a breach had an average organizational cost of $5.4 million, versus those whose churn topped 4 percent, in which case the average loss was more than $12 million.