How much does it cost to get penetrated by a data breach? Much more than you might expect.
When an intrusion occurs, the potential costs can include:
- Forensic activities to assess the incident’s scope, and find the exploit that allowed the intrusion.
- Remedial measures taken to close whatever holes were found.
- Most importantly, the lost revenue from existing customers who leave, and potential customers who will no longer consider purchasing from you.
Additional problems can occur as well. For example, public companies can experience falling stock prices. Companies in regulated industries such as health care can be fined. And so on.
Setting aside industry-specific costs, what are the typical damages across all organizations? Unsurprisingly, the average cost of a data breach has risen over the last few years.
According to a report from IBM and the Poneman Institute, the average cost of a successful data breach has risen to $4 million. This represents a rise of 29 percent in just three years.
On average, organizations lose $158 per compromised record.
The toll is even worse for regulated industries. For example, healthcare organizations lose an average of $355 per compromised record. This is the result of fines, along with a typically higher amount of lost business after the publication of the breach.
But probably the worst recent example of punishment for inadequate security is that of Yahoo.
Earlier this year, Yahoo announced the discovery of a 2014 breach, which exposed data from at least 500 million users.
Now Yahoo has announced the discovery of an earlier, even worse breach. In 2013, over one billion accounts were compromised, in an attack that was “likely” distinct from the other.
After this announcement, shares of Yahoo Inc. lost six percent of their value. Over $2 billion in market cap was lost.
Nor is this the worst news for Yahoo. Verizon is now threatening a lawsuit to force different terms on its planned $4.8 billion buyout of Yahoo assets.
So what can be learned from all this?
Simply this: that inadequate web security can, quite literally, cost billions of dollars.
Robust web security is a vital part of doing business today. Cybercrime is a permanent, omnipresent threat.
Organizations must plan accordingly.
Photo credit: Helloquence