January 24, 2024
If it seems like reports of security breaches are becoming more common – it’s because they are. Global cyberattacks increased by 38% in 2022, according to Security Magazine 1. Not only are they more frequent – they’re more costly. IBM’s 2023 Cost of a Data Breach report found the average cost of a data breach rose to new highs, reaching $4.45M globally and a massive $9.48M in the United States 2. One would expect these figures to continue to increase as commerce becomes increasingly dependent on technology and cyberattacks continue to prove lucrative for bad actors.
The immediate, direct costs of a cyber incident, like ransom payments, incident investigation, and mitigation, are well-known and easy to quantify. However, there are also hidden, often long-term costs that can have a significant impact on a business’ bottom line.
The loss of productivity and related revenue is one of the most significant hidden costs of a cyber incident. Callsign’s 2023 Global Scams Report found that 74% of senior decision-makers identified lost productivity as a key challenge in overcoming a breach 4. When a business’s systems are down or compromised, employees may not be able to work, and customers may not be able to access the business’s products or services. This downtime can result in lost revenue and missed opportunities. Callsign’s report states that 13% of businesses lost more than 11% in revenue due to an incident 4.
Another hidden cost of a cyber incident is the damage to a business’s reputation. 66% of consumers would not trust a company following a data breach, according to Security Magazine 3. And according to Callsign, 33% wouldn’t do business with the company again. There is also a multiplier effect associated with security breaches. Nearly 25% of customers will complain about the company on social media, and roughly 50% will tell their friends, family, and colleagues 4. Depending on the number of connections a customer has on social media, their story can quickly spread. This can discourage potential customers and damage future revenue.
Reputational damage can also extend to investors: publicly traded companies saw a 7.5% drop in their stock values, in addition to a mean market cap loss of $5.4 billion, following a data breach, according to Infosecurity Magazine 5. It can take years to recover from this loss in value.
Finally, there can be costs associated with regulatory compliance and legal fees. Depending on the severity of the incident and the industry in which the business operates, fines or penalties for non-compliance with data protection regulations can be massive. In 2019, Equifax agreed to pay $575 million, and potentially up to $700 million, in a settlement with the FCC due to a 2017 data breach that affected 147 million people 6.
Additionally, businesses may need to deal with legal or regulatory issues that arise. A 2021 data breach cost T-Mobile $350 million due to a class action lawsuit and an additional $150 million of incremental spending for data security in 2022 and 2023 7. Home Depot paid nearly $200 million in settlements to credit card companies, consumers, and states as the result of a breach in 2014 8. Again, these costs are in addition to investigating and remediating the breach.
In response to the growing frequency and cost of cyberattacks, the global cyber insurance market has exploded. Security.org forecasted the cyber insurance industry to grow to $20 billion by 2025 9. Cyber insurance is one way to mitigate the cost of cyber incidents: it helps cover the direct costs, such as ransom payments and legal fees, as well as some of the hidden costs, such as lost revenue and damage to reputation.
Before insurance providers extend a cyber insurance policy, most require businesses to perform a cyber insurance readiness assessment. These assessments help protect the business and the insurer by helping identify potential vulnerabilities and developing cybersecurity measures to mitigate them. By proactively addressing security risks, businesses can reduce the likelihood of a cyber incident occurring and minimize the potential costs associated with an incident. Addressing identified security risks may also help to reduce the cost of cyber insurance premiums.
In addition to identifying vulnerabilities, cyber insurance readiness assessments can also help businesses develop incident response (IR) plans. These plans outline the steps that a business should take in the event of a cyber incident, including who the IR team is, how to contain the incident, notify customers and stakeholders, and restore operations. By having a plan and team in place, businesses can respond more quickly and effectively to a cyber incident, reducing downtime and minimizing costs. According to IBM’s 2022 Cost of a Data Breach Report, businesses with an IR team that tested their IR plan saw a 58% cost savings in the event of a breach 2.
Are you concerned about your security posture but don’t know where to start? A cyber posture assessment is a great place to start. Our security specialists can help you identify actionable steps you can take to fortify your security stance. Contact us today and see how Dewpoint can Make IT Personal for you.
Dewpoint, an award-winning, Michigan-based technology firm, has been helping businesses prepare for, stay ahead of, and respond to IT challenges for over 26 years. From IT security to infrastructure management to automation, cloud migration, and beyond, Dewpoint has long been a trusted technology resource for businesses.