The True Cost of Data Breaches

March 1, 2019 at 9:14 pm by Paul Falcone

While you may be hearing about them more and more frequently, the truth is data breaches have been occurring since before the digital age. For instance, unauthorized personnel viewing a hard copy of medical files is considered a data breach. But it’s our heavy reliance on digital platforms to store data that has brought security issues and, thus, data breaches to a whole new level. In fact, identity theft from exposed data records is the most common type of data breach incident across the globe.

Data Breaches are Rising

According to recent statistics compiled by Statista, data breaches across the United States have been on the rise for over 10 years, and it’s not a small incline by any measure. In fact, the recorded number of breaches in the US has gone from 157 million in 2005 to 1.579 billion in 2017. What’s more, nearly all these 2017 breaches were amassed in the business sector.

In the first half of 2018 alone, there were 668 million breaches recorded, totaling over 22 million data records that were exposed.

The Costs: More than Just Money

The rise in data breaches has also caused a correlated rise in the financial costs of the breaches. In fact, a recent study conducted by IBM Security and the Ponemon Institute reported that in 2018, the average global cost of a breach was up to $3.86 million, and the average cost per exposed data record was $148 per record. These increases are largely due to the increase in data breach sizes. That is, the financial costs of data breaches keep going up because the data breaches themselves are exposing larger amounts of data.

These financial costs extend beyond the money that is paid out by the organization to recover the exposed data. For one, if the organization is publicly traded, its stock value could decrease. For another, its shareholders or stakeholders could also decrease, furthering the financial loss of the organization. In addition, if the breach includes information on European citizens, fines imposed under GDPR can total up to 20 million Euros or four percent of the company’s global annual revenue, whichever is higher.

Yet, financial cost is just the tip of the ‘iceberg of cost’ for organizations that fall victim to a data breach.

Data breaches involve such private data as Personal Health Information (PHI), Payment Card Information (PCI) and Personally Identifiable Information (PII), as well as trade secrets and intellectual property. When these types of personal data are exposed, the exposure can compromise not only the integrity and reputation of the organization from which the data came, but also its consumer base. On an individual level, it could negatively affect everything in that person’s life, from their ability to buy a home and get a job, to that person’s financial standing and even their mental health.

The effects on the consumer level can then have an even more adverse effect on the organization, because with a data breach comes a more intangible breach, one of trust between the consumer and the organization. Often, when a consumer loses trust in an organization, it is extremely difficult to build back that relationship.

It’s not an easy fix. It takes a lot of time and persistent effort on the part of the organization to earn that trust back, whether that’s literal time and effort on the part of the organization’s employees, or money and time spent in PR management and in marketing communication to try to change the consumer’s perception of the organization. While some organizations have the business foundation and financial backing to recover from a breach, for others such reputational and consumer damage could be catastrophic to the business. In fact, approximately 60 percent of small businesses that suffer a data breach go out of business within six months.

Of course, one way to ensure this data security within your organization is to protect your data and destroy old drives as soon as they reach their end-of-life cycle. Proper data disposal means destroying both the data stored and the device or media on which the data is stored. It’s important to remember that for digital media, the device should first be degaussed before it can be destroyed by means of shredding, pulverization, melting, disintegration, or incineration, rendering both data and device unreadable and unable to be reconstructed.

You can work with a third-party vendor who will destroy your data and drives for you; however, the safest and most secure way to dispose of data is to work with a vendor like SEM that provides your organization with the necessary data disposal machinery that can be kept on-site and be used only by your authorized personnel. By keeping the end-of-life destruction on site, you not only have the most secure procedures, but save the most money.

Ultimately, don’t take the chance when it comes to breaches. The real cost is too great – losing money, your business, and your entire company or organization is preventable. Take the steps today to ensure your future is safe and secure.