The cost of a data breach will show up directly and indirectly in your business's bottom line. While hackers may steal money directly from your business, did you know that much of the actual cost of the data breach comes from lawsuits, loss of business, fines, or other indirect costs?
Before we look at some of the ways a data breach can cost IT businesses, let's review some important data breach statistics.
Data Breach Statistics: Security By the Numbers
Here are some key data breach statistics…
- IT businesses are more likely to be targeted. According to security giant Symantec and the Ponemon Institute, in 2012, 93% of all identity theft occurred at IT, computer software, or healthcare companies.
- Data breaches are expensive. Another report by Symantec showed that in 2012, the average cost of a data breach was $136 for each record that was stolen, or $5.4 million for each breach incident.
- Computers are still the primary target. According to an exhaustive 2013 study of thousands of data breaches conducted by Verizon, 69% percent of all attacks occur on laptops, desktops, and file servers. While web apps are a substantial source of attacks (accounting for 10%), most hackers target other more "traditional" workstations.
- You might not know about a data breach until it's too late. While you may think your data security products will "flag" security breaches, the reality is that many businesses find out about their security flaws when it is too late. For two-thirds of data breaches, it took months or years for the company to realize their security had been compromised (yikes!).
How IT Businesses Pay for Data Breaches
At the outset, I mentioned that you may have to pay for the indirect costs of a data breach. Wondering what those costs are? Let's have a look.
- Legal costs. You may not know this, but as an IT consultant, if you install or recommend a piece of software for a client, you can be held liable when that software is hacked. You may not have written the code, but the courts can place the cyber liability squarely on your shoulders because you're an expert making a recommendation. If you recommend a web service to handle a client's online storefront, you could be sued for tens of thousands of dollars if the client's customer data is hacked.
- Damage to your reputation. After its data is hacked, a company has to inform the affected customers about the security lapse. That's the law. There are two ways this can come up. If your business is hacked directly, you have to inform your clients, vendors, and other people whose data you have on your network. If your client is hacked, they have to inform their customers. In these scenarios, you can easily imagine the damage to your reputation. An IT company is supposed to be able to protect its data. Contacting all your clients or their customers to tell them about your failure is like a tsunami of bad press and negative advertising. IT independent contractors and small businesses rely heavily on referrals. Suddenly being the "computer guy" who cost his client thousands in data breach costs can severely damage your reputation and halt your sales.
- Fines. Compromising consumer data is a breach of the law; failure to adequately protect your data can lead to a fine. For more information about the financial penalties you may have to face following a data breach, read our post "$1.2 Million HITECH Fine Highlights Risks for IT Contractors Working with Healthcare Clients."
How to Protect Your Business from the Cost of a Data Breach
While you should take adequate protection measures, your business should also consider purchasing Cyber Liability Insurance (aka Data Breach Insurance).
Data Breach Insurance can pay for lawsuits, P.R. / advertising campaigns, fraud monitoring, and a host of other expenses to help you meet your legal obligations and rebuild your reputation after an attack. Data Breach Insurance can account for both the direct and indirect costs of a data breach, and can be the difference maker that keeps your IT business running smoothly after a data breach.