The real cost of a corporate data breach

Data breaches are regularly in the news. As hackers become more efficient and security policies begin to fail, it is becoming more glaringly obvious that most businesses are ill-equipped to fend off hackers and guarantee security against a corporate data breach. The fear now is not “will our company be hacked?” but “when will our company be hacked?”

The overriding fear and concern revolve around the immediate lost data and fines, although there are companies who offer data recovery services who might be able to recover any lost date. Whereas, the long term effect of a data breach can be catastrophic to a business’s long term outlook, even if they follow the steps to take after business data breaches. Too many companies are delaying acting today to implement the correct authentication defences and just hoping that what they have is “good enough”.

5 billion data records exposed and compromised

As we’ve seen, a lack of proper security causes major issues. In 2018, more than five billion data records, including corporate passwords and email addresses, were exposed and compromised. Every week Fortune 500 and Times 100 companies are being hacked; every day the same is happening to SMEs.

Just last year, in 2018, hotel giant, Marriott, suffered a breach in which hackers stole the records of 339 million guests. Around the same time, airline behemoth, British Airways, had the personal data of half a million customers stolen from their website and mobile app.

Aside from a lot of negative PR and the very real risk of losing brand credibility and customer faith, these hacks can compromise the security of an entire organisation and come with serious fines or worse amounts paid to hackers in the hopes they return what has been stolen. In both cases, the Marriott and British Airways were hit with enormous fines — £100/$125/€111 million for Marriott and £183/$230/€204 million for British Airways — after being found to be in breach of the EU General Data Protection Regulation (GDPR) by the ICO (Information Commissioner’s Office UK).

Corporate data breaches – the real costs and associated damages

According to the 2018 Cost of a Data Breach Study by Ponemon Institute, data breach costs organisations an average of USD$3.86 million, with each stolen record coming in at a cost of USD$148. [blockquote]the average cost per company for a data breach in 2018 was $3.86 m[/blockquote] Since 2017, those figures have increased by 6.4 per cent and 4.8 per cent respectively. But cost is just one factor and long term damage can seriously impact reputation and customer trust, further damaging longer term sales and company growth. Those in the healthcare industry may want to use effective data management solutions like those offered by MedPro to ensure compliance, license validation, and more.

Reputational damage

Chief Information Security Officer (CISO0failure is bad for PR. Organisations that lose customer data or hit the news for other breaches suffer damage to their reputation. [blockquote class=”double-border”]Talk Talk’s data breach cost them more than £60m [/blockquote]Reputational damage can have a devastating effect on sales and can lead to customer drop-off. In the case of Talk Talk, who had 400 million accounts compromised in 2015, their corporate data breach cost more than £60 million, as well as over 100,000 of their customers.

Plummeting share value

With reputation damage comes a loss of faith from shareholders; this can cause share value to fall. Equifax is one such example. Back in 2017, Equifax suffered a data breach that compromised more than 147.9 million people’s records, cost them £184.9 million and then caused their share price to drop 18 per cent from $143 to $116 and two years on, the share price has still not recovered to its pre-data breach value.

Penalties and fines

Since the General Data Protection Regulation (GDPR) came into effect in 2018, significant fines are being handed out to organisations that find themselves caught up in a corporate data breach. In the first year of GDPR over 200,000 cases were reported to the 31 European GDPR bodies and €55.9m fines were levied (admittedly €50m was to Google!). Companies including advertising agencies, medical clinics, banks and fire departments were fined the remaining €5.9m and fines can be as high as 4 per cent of a business’s annual global sales. Not only that but there are other consequences to be faced if you try to hide a breach, which could include contact from a whistleblower attorney if you have punished an employee for speaking out about an unannounced breach.

Insurance pay outs

While many companies are covered with cybersecurity insurance (a cost all on its own), there are instances where the losses are well beyond the amount covered. This has been seen now with Equifax, Merck, and a growing number of other organisations to face corporate data breaches.

Data breaches are increasingly more difficult to safeguard against. Being able to detect and escalate them quickly can lead to significant savings in what could otherwise cost the business a fortune. Risk officers need to invest in governance, risk management and compliance (GRC) programs to take a proactive stance against a corporate data breach.

With passwords being one of the main culprits to compromise security, it’s time for businesses to look at alternatives to strengthen their authentication and to implement password compliance. The benefits of short term investment into authentication far outweighs the long term cost and ongoing damage.

Corporate data breach – where to find out more

To find out more about our flexible, scalable solutions that match every aspect of corporate environments and trounce outdated, traditional password authentication methods, read our Solutions page. Or please get in touch with Authlogics today to discuss how we can help protect your business from corporate data breaches.