The impacts of a data breach stretch far beyond the immediate consequences from the loss of critical information and the cost of mitigating the spread. According to 51 percent of respondents to a Ponemon Institute study[1] who experienced a data breach in the last two years, the impact is much wider and it’s critical that you take action.
By assessing the ways in which a data breach would affect your data networks and operations, you can begin to implement prevention strategies to mitigate the risk.
[1] 2017 Cost of Data Breach Study: Australia (IBM/Ponemon Institute, June 2017)
1. Financial Consequences of a Data Breach
According to the Ponemon Institute, the average cost of a data breach is $139 per compromised record, with slight variations depending on the cause:
- $154 per record compromised due to a malicious attack.
- $130 per record compromised due to a system glitch.
- $121 per record compromised due to employee or contractor error.
This may seem minuscule, but 41 per cent of respondents to the Ponemon Institute had more than 1,000 records affected by a breach in a 24 month period – which takes the immediate cost impact of a data breach to over the $100,000 mark.
For publically listed companies, research shows that stock prices drop 5 per cent in the aftermath of breach disclosure. The time that it takes the share price to recover will extend if the organisation has poor response processes. Meanwhile, failure to comply with the new Australian Notifiable Data Breaches (NDB) scheme can net fines as large as $2.1 million.
Prevention is the best strategy – cyber criminals do not discriminate by business size, and these costs have the capacity to break smaller Australian businesses.
2. Reputation Consequences of a Data Breach
With mandatory disclosure of serious breaches now in place for many Australian businesses, managing damage to reputation is a must. Of the average $139 lost per compromised record, only $60 is attributed to direct action such as containment and assessment.
This means more than half the cost of a data breach can be attributed to indirect consequences, such as managing customer turnover in the wake of the event. Some industries are more susceptible to high churn than others – financial services and tech companies, where there is an expectation of high security measures, are hit especially hard.
Marketing campaigns, hiring media management and building customer trust following a data breach takes time and money. Avoiding such situations in the first place is the ideal.
3. Legal Consequences of a Data Breach
The NDB scheme has put much greater requirements on Australian organisations when they identify a data breach. Beyond the costs of detection, containment, hiring external parties (like lawyers and data forensics teams) and reporting, there can be significant legal consequences.
Reporting may have to be disclosed to the ATO, ASIC, ACSC or even the Federal Police, depending on the breach. Failure to uphold obligations under the Privacy Act 1993 may result in legal proceedings, while financial penalties from the Office of the Australian Information Commissioner (OAIC) can reach as much as $2.1 million.
Manage and Prevent a Data Breach With a Security Partner
Beyond the costs to your organisation, data breaches have the potential to inflict serious harm on individuals connected with your company. If not swiftly addressed, customers’ private and financial information may be compromised. Fraud and identity theft are just some of the possible consequences highlighted by the OAIC.
The smallest breach can have wide-ranging and costly impact. To mitigate the risks, look into using managed security services. At Over the Wire, we provide 24/7 protection and notification, with local specialists on hand to monitor and mitigate any threats to your company. Get in touch to find out how we can help.