Security: Why are Data Breaches so Expensive?
Data breach costs have been relentlessly on the rise over the past years. For large companies, the cost to remediate the effects of a data breach now averages many millions of dollars, particularly in the US, where the cost to remediate a data breach is the highest in the world.
There are both direct and indirect costs related to data breaches:
- Direct Costs
  - Costs related to detecting and notifying affected parties of the incident
  - IT time spent resolving the breach
  - Sales revenue lost due to system downtime and business disruption
  - If a public company, a likely drop in stock price
  - Legal fees and costs of litigation
  - Possible financial theft
  - Fees to investigate root cause of the problem using forensics and auditing
  - Fees for public relations, help desk, and setting up post-breach response, like an emergency call center
  - Fees for providing credit monitoring services for customers
  - Penalties and Regulatory fines
  - Greater investment in security measures to avoid future incidents
- Indirect Costs
  - Reputational damage
  - Loss of consumer trust
  - Missed business opportunities
  - Declines in productivity
  - Possible IP theft
  - Employees may leave the organization
Charles Debeck, senior threat analyst at IBM X-Force IRIS, said that “we see an increasing divergence between organizations that take effective cybersecurity precautions versus orgs that don’t. This divergence has been increasing year over year; the organizations that are engaging in effective cybersecurity practices are seeing significantly reduced costs, the organizations that aren’t engaging in these same practices are facing significantly higher costs.”
A company’s chief financial officer (CFO) is the one responsible for keeping the company running within the allotted budget. A data breach can throw a company’s budget off balance. For example, ransomware is a type of malicious software (malware) that encrypts a victim’s data, after which the attacker demands a ransom, hence the name ransomware. Suppose a company were attacked by ransomware. In that case, the decision on whether to pay the ransom lies with the CFO.