Data Breaches May Cost Companies More Than They Realize
Companies large and small can have severe, business-threatening costs and fees associated with a data breach. The U.S. National Archives & Records Administration reports that 50 percent of businesses that lose their critical data for 10 days or more have to file for bankruptcy immediately (pcicompliance.org). This statistic may seem alarming if one believes that data breaches are one-dimensional – only affecting a single aspect of a business. Unfortunately, this is not reality. A data breach – either malicious or unintentional – can spread its fury across the board.
Dr. Larry Ponemon of the Ponemon Institute, an independent research firm on privacy, data protection and information security policy, explains the magnitude of a data breach: “It’s not only direct costs of a data breach, such as notification and legal defense costs, that impact the bottom line for companies, but also indirect costs like lost customer business due to abnormal churn.” Many CEOs and business owners are unaware of the ultimate costs of a breach in security until it’s too late.
The Ponemon Institute released its sixth annual study on U.S. data breach costs and reported that the average cost of a data breach to companies has risen to $214 per compromised record, as compared to $204 in 2009, and the average overall organizational cost increased to $7.2 million. The study also points out that the need to respond quickly to a data breach drives costs up: “We’ve seen companies that quickly respond to data breaches pay more than companies that take longer.” Unavoidably, companies feel the pressure to act quickly due to regulations like HIPAA, the HITECH Act and state data breach notification laws that require data breaches to be announced within a certain amount of time. (Ponemon Institute)
2010 saw an increase in malicious attacks, accounting for about 31 percent of data breaches studied. This percentage is up from 24 percent in 2009 and 12 percent in 2008. Malicious attacks range from data-stealing malware to social engineering and can originate from within an organization or from an external source. Malicious attacks can be more costly due to the intent of the hacker. Hackers are usually out to monetize their breach and generate profit from it. These attacks are usually harder to detect, the investigation is more intensive, and they are usually harder to contain and correct.
The high-profile data breaches exposed in the past few years have helped bring attention to the seriousness of data security. Companies are investing more in security by following PCI compliance guides and increasing their resources in prevention and detection. Consequently, breaches due to systems failures, lost or stolen devices and third-party mistakes have decreased.
Ensuring data security is the only way to avoid data breaches and the costly fees associated with them. There are many resources available to help companies choose the best PCI compliant payment solution for their business.