You’ve probably heard the statistics on data breaches. Ponemon reports that a data breach costs on average $3.86 million, and even a single lost record can cost $148! While these numbers sound menacing, the real cost of a data breach will be much lower for many businesses, because it depends on variables like the number of lost or stolen records, what kind of data is in the records, the amount of time it takes to respond to the breach, and how well a company manages the associated expenses.
Whatever the case, it’s important for MSPs to give clients a realistic look at what a data breach might cost them. When your customers have a clear picture of how expensive breaches are, they’ll be more likely to enlist your services for prevention. Let’s take a look at how the experts analyze data breach costs.
Calculating the Cost of a Data Breach
As you help your clients understand what their risks are, it’s helpful to imagine the costs associated with a worst-case scenario. Let’s say a cyber-criminal somehow gained full access to your client’s network and made off with every piece of critical data—what would that mean for them? From there, it’s a matter of discussing the types of costs involved to arrive at a rough total. In its 2018 Cost of Data Breach Study, the Ponemon Institute breaks data breach costs into the following categories:
Detection and Escalation – For this phase, work with your client to answer questions like: What costs are associated with finding the source of the breach and reporting it throughout the organization? Would you need to bring in a third-party expert to determine the source and extent of the breach? What costs might your client incur for putting a crisis management team into action? What costs are associated with moving communications all the way up the chain of command?
Data Breach Response – What will it take for your client to make this data breach right with their customers? If the lost or stolen data was email addresses, the response will be much different than if criminals got hold of medical records. Lost email addresses might warrant giving customers discounts on goods or services, but lost credit card or medical records might involve hiring a third party to provide credit monitoring or identity protection services for affected customers. Depending on the severity, a breach could result in a company paying settlements to customers who take legal action.
Communication Costs – It’s easy to ignore the costs of basic communications, but they add up. What might be the labor cost for outbound communications like letters, emails, phone calls and so forth? Would you need third parties to help reach out to customers or answer inbound calls? What about the administrative time spent communicating with regulators or with the third parties you enlist to help out?
Lost Business and Reputation – Whether the information is sensitive or not, people won’t be happy about it being lost or stolen. Make sure your clients understand the impact a data breach can have on their ability to retain customers and find new ones. A poor reputation can result in a business closing its doors for good.
Fines – On top of everything a company has to deal with following a data breach, there can also be fines from federal regulators. Fines vary depending on your location, the severity of the breach, and which regulations a company violated leading up to the breach. On the healthcare side, violating the Health Insurance Portability and Accountability Act (HIPAA) can cost $100 – $50,000 per violation. Healthcare facilities that aren’t compliant face a bevy of potential fines, and an auditor will no doubt uncover every violation after a company reports a data breach.
A data breach won’t cost your clients millions, but it will almost always be expensive. Between determining the source, making things right with customers, and potentially paying fines, it makes far more sense for your clients to invest in tools and services that prevent breaches now rather than suffer the consequences later.