Outside of the patterns shown with a lower cost of a data breach in correlation with how quickly organizations identify and contain breaches- preparation and diligence pay. Studies found that incident response teams can lower the cost of a breach by as much as $14 per compromised record versus the average $148 per-capita cost. Multiple layers of security contribute to the cost savings- extensive use of encryption security can reduce cost by $13 per capita. There are many strategies to help businesses lower potential costs of a data breach.

A data breach of any kind can hurt your business. The average cost of a data breach in the U.S. is $3.86 million in 2018-up 6.4% from the previous year (2017)- according to the 2018 Cost of Data Breach Report determined by IBM Security and Ponemon Institute. 

On average, the cost of a compromised record is $225 but is significantly higher for exceptionally managed industries: healthcare ($380 per file) and financial services ($336 per file).

These figures include the direct costs of legal fees, notification, hiring additional staff and supplying identity monitoring services – including the loss of business that results from the breach. The impact to a company’s reputation trailing a breach generally results in customers going elsewhere.

Losing Your Customer’s Trust Impacts the Total Cost of a Breach

Customers trust organizations with all information they harbor whether financial services or healthcare management. The data breaches in the past year caused organizations to lose customers, but businesses that worked to improve customer trust reduced the number of lost customers- resulting in reducing the cost of the breach. Customer loss also seemed to be minimized when senior-level leaders, like chief privacy officer (CPO) or chief information security officer (CISO) directed customer trust initiatives, again, decreasing the financial effect of a breach. Companies who lost less than 1% of existent customers acquired an average total cost of $2.8 million, while companies who experience customer loss greater than 4% lost an average of $6 million.

"Ransomware shuts down 1 in 5 small businesses after it hits” 

Employees as The First Defense

Hacking is the primary method of attack and accounts for 63% of all data breaches to date- according to the ITRC/CyberScout report- 9% caused by employee negligence or error. This contains inappropriate disposal of sensitive data and lost or stolen laptops or other devices. Incidental exposure on the web estimated 7% of the breaches.

Employees are on the front lines of information security. The more that can be done to regularly educate employees about the modest things to protect their devices can go a long way towards protecting the organization.

Cyber-security policies are sets of guidelines that assist organizations in connecting and streamlining security efforts that are necessary to guarantee the protection of digital assets. They support business in identifying assets for protection, potential attacks on these assets, and measures taken to protect assets.

These policies list the responsibilities and consequences of the rights the users must abide by while working with business systems- including physical, individual management, hardware, and software. Cyber-crimes reinvent themselves to explore vulnerabilities just as technology innovates, making cyber-security policy audits a priority to be updated as needed.

Government and businesses are ranked the highest as top targets. It is imperative for every business to understand cyber-security and its facets to reduce the possibility of cyber-attacks and breaches.

A well executable security plan is what businesses need. Precise plans prioritize steps to be taken that defend the business network and data against most known attacks. Some steps may seem common and others beyond the capability of the average small business, but all are standards of effective cyber-security.

To learn more on how to protect your business from cyber-crime, download our free e-book here!

Practical Cyber Security Checklist

• Train employees on cyber-security threats
• Conduct a cyber-security readiness assessment
• Discuss with your attorney how you might handle a ransomware attack
• Contact local law enforcement for their protocols for a ransomware attack
• Apply best practice multi-level password protocols
• Educate yourself at the Center for Internet Security

When a cyber-attack happens, you won’t be judged by it happening, but what you did when it happened. No business is exempt from network outages or data breaches of any kind- small businesses and large enterprises alike.  The impacts from financial loss lost business opportunities, damaged reputation and customer uproar can be devastating, and can potentially lead to loss of employment. Cyber-security is everyone's job!