You’ve been living in a bubble if you thought that a data breach could never damage your business. A recent report by Norton revealed that about 4.1 billion records were exposed by data breaches in the first half of 2019 alone.
While the internet is an exciting place to be, the threats it poses are growing at an alarming rate. The 2019 Cost of Data Breach Report disclosed the global average cost of a data breach. It is $3.92 million, in addition to reputational damage, operational disruptions, and loss of consumer trust.
For the sake of protecting your customers, let’s take a quick look at how data breaches harm businesses.
Damage to Brand Value and Reputation
Today, all it takes for news to travel is a click. A data breach that puts customer data at risk is likely to negatively affect the company’s reputation.
In situations like these, customers are often left with no other option but to shift their business.
A report by PCI Pal found that as many as 62% of Americans would stop spending with an organization for several months after a breach.
What makes things worse for data breach victims is the arduous acquisition of new customers. After all, nobody wants to do business with a company if they think their information is not secure.
However, how a company reacts following a data breach has a considerable impact on its reputation.
For example, Chinese smartphone manufacturer, OnePlus, took immediate steps right after it suffered a breach exposing sensitive details. Customers were promptly notified by email and warned about possible spam emails in the future.
During sensitive times like these, empathizing with those affected and transparent communication becomes paramount. It helps protect the long-term reputation of the brand.
It goes without saying that most businesses suffer monetary losses after data breaches. These costs can result from:
- Compensating customers: Regardless of the scale of the breach, compensation is necessary for companies that want to retain their customers. For example, in 2017, Anthem agreed to pay $115 million as compensation to their breach victims.
- Exaggerated security costs: Companies have no option but to invest in better security checks after a data breach. This can be done by means of investing in new technology or hiring more IT staff.
- Conducting investigations: To prevent breaches from happening in the future, you need to find out how it happened. However, investigating a data breach is an elaborate process, and involves heavy costs. Depending on the severity of the breach, you might have to hire a digital forensic team or examiner(s). They will then take steps to find out what happened, what information was compromised, and who was responsible.
- Legal fees: Lawsuits, legal fees, and settlement fees are not uncommon when sensitive customer information is in question. For example, Neiman Marcus agreed to pay as much as $1.5 million for a data breach settlement.
Clearly, legal penalties are difficult to dodge and can cause serious setbacks for companies. Furthermore, court cases can go on for years, often with no outcome at all.
- Lost revenue: After a breach, companies can lose out on potential revenue due to consumers shifting to other businesses, hindrances in regular functioning, etc. This type of monetary loss is not just the hardest to measure, but can also be felt for years after a breach. The section on prevention towards the end of this post will talk more about minimizing such revenue loss.
These monetary shocks are often felt for years after the incident.
What must concern businesses today is the rising costs of data breaches. A report conducted by the Ponemon Institute stated that the average total cost of a breach has risen from $3.5 million in 2014 to $3.92 million in 2019.
It’s important to note that the financial loss suffered varies, depending on the type of breach, the company size, and other factors. However, these losses have proven to be significant historically.
In 2019, British Airways faced a fine of £183 million for a data breach that exposed customers’ credit card data. July 2019 also saw Equifax agreeing to pay as much as $575 million to settle their 2017 data breach.
All of these examples point to the same advice: prevention is better than cure.
While many believe that hackers only target giant corporations, statistics tell a different story. According to the Verizon 2019 Data Breach Investigations Report, 43% of cyber attacks still make small businesses their prey.
So, instead of waiting for a hacker to show up on your doorstep, have effective security software in place.
Loss of Consumer Trust
Data breaches can make consumers feel vulnerable, thus leading to a loss of consumer trust.
This becomes even more crucial when sensitive information is involved. A report by Varonis claimed that 56% of Americans do not know what to do in case of a data breach.
This points to 2 possibilities:
- Those customers presume that they’re never going to be affected by a data breach.
- They trust the companies when it comes to keeping their data safe.
However, as per an infographic by Varonis, there’s a significant gap when it comes to consumers’ perceptions of data protection by companies and the reality of it. This is why consumers’ trust dwindles when they are actually affected by a data breach.
The way Uber responded to a hack attack in 2016 is the perfect example of how breached companies lose trust.
Instead of reporting hackers to the police, the ride-hailing company paid a $100,000 ransom in exchange for a non-disclosure agreement.
Remember that while consumer trust takes years to build, it only takes seconds to crumble.
Depending on the severity of the attack, recovering from data breaches can take months or even years. One of the most commonly pursued courses of action is to shut down operations until everything is figured out.
However, this often causes both customers and employees to leave, largely impacting the company’s functioning.
According to a report by Dark Reading, 69% of small organizations were forced to temporarily terminate operations, and 10% of them shut down permanently in 2019.
The Ponemon Institute’s Cost of a Data Breach report claimed that the average time taken to identify and recover from a breach in 2019 was 279 days. Such a long period of time is more than enough to hamper businesses – both small and big.
Prevent a Data Breach – Don’t Become a Disaster Recovery Statistic
There’s no question that the threats from data breaches are becoming increasingly profound by the day. However, having a strategic plan in place greatly minimizes the risks.
In order to prevent data breaches, you should:
- Encrypt your data: In simple words, this means translating plain text into a code of sorts – one that can only be accessed and read by selected individuals. Thus, by protecting your data from being accessed by unauthorized people, you can greatly minimize the chances of a data breach.
In addition, data encryption also comes with legal benefits under some jurisdictions. Loss of encrypted data is often not tagged as a “breach” by law.
- Keep software updated: A survey by Comodo One revealed that 80% of companies with outdated software were victims of security breaches. So as a matter of habit, always keep software up-to-date. This can help by protecting data against malware viruses and fixing existing susceptibilities.
- Invest more in IT and technology: Proactive investments made in sophisticated technology and IT staff tend to pay off in the long run. This can not only prevent your company from paying higher fines in case of a data breach, but also boost customer retention.
- Backup your files: In addition to leaking sensitive information, data breaches can also lead to a loss of data. To avoid slow, costly, or impossible recovery, backing up your files is highly recommended. This proves to be a huge blessing in cases that data breaches cause corruption or loss of data. Backup software solutions like VMWare vCenter Server and Acronis can help you back up and recover data without hiccups.
Chinese technology giant Alibaba faces about 300 million hacking attempts on a daily basis. This could happen to any business, at any point, and at any scale.
In situations like these, having security measures and strategic recovery plans in place is crucial.
Final Thoughts on Data Breaches Impacting Businesses
The key to protecting your business from cybercrimes is to be prepared for the worst. While it might seem tempting to avoid incurring the costs of cybersecurity, it’s not worth it.
After all, the ability of your business to deal with a data breach largely determines its long-term viability.
Does your business have data security mechanisms in place? Tell us about them in the comments below.
Author Bio – Aaron Cure
Aaron Cure is the Principal Security Consultant at Cypress Data Defense and an instructor and contributing author for the Dev544 Secure Coding in .NET course.
After 10 years in the U.S. Army, I decided to switch my focus to developing security tools and performing secure code reviews, penetration testing, static source code analysis, and security research.