In an era of increased tension around cyber security, I'd like to put the following question to you - how much will a data breach cost your company?
Pinpointing an exact figure is hard, so we've done a bit of digging to help make an educated guess for small to medium businesses. If you're Equifax, the latest breach would have cost you US$242.7 million after a leak of nearly 148 million customers according to this SEC filing. They are likely to to continue spending a few more dollars on cleanup over the next few years. For years now security professionals and analysts have tried to estimate what a data breach can cost a company.
Think about the expense of having to upgrade IT infrastructure and security to paying legal fees and government fines. You may need external contractors to fill your skills gap as well.
There are a lot of costs that are both tangible and intangible - If you're publicly traded your stock price may take a hit. Your customers' trust will erode and that will take time and effort to recover. If you're in a high-stakes industry this could be a killing blow for your business, the beginning of the end, so to speak.
According to this report from the Ponemon Institute the average cost of a data breach is around US$3.62 million globally. That's $141 for every record that is leaked on average. Now go count how many records you have, I'll wait.That's just the tip of the iceberg though - there is the aforementioned hit to your stock price, your customers no longer trusting you and the potential to get sued for breach of contract from your now very angry partners and/or clients.
The reality is that, in our experience, very few New Zealand-based companies even consider security beyond just Anti-Virus and recommendations from IT Vendors. These recommendations are certainly contributing to the overall security of your data. However, it's the possible attack vectors you don't think of that put you at greatest risk. These vectors include things like:
These are just some of the weak points in most small to medium business' security we've seen over the years. The thing here is that a lot of these businesses don't understand or know that these holes exist. If you want to know how vulnerable you possibly could be, here are some questions to ask yourself:
If you've answered yes to any of those questions, you should be worried.
If you're still reading this, the hair on the back of your neck should be standing up around now.
Doubly so if you've put security in the too hard/too expensive basket in the past. If you learned the lock on your front door is missing, you'd call a locksmith to get it fixed as soon as possible, right? So why not get in a security consultant to audit, recommend and implement some improvements to your security.
At around NZ$207 per leaked record at the time of writing, you'd only need a leak of about 100 sensitive documents and you'll already be sitting on a $20,000 bill. And if you have no or weak data security, the chances are high that all your files can be leaked. Let's say you get a security consultant in for a month at $100/hour. That's a $16,000 bill, sure. It's also $4,000 less than a small breach. And potentially millions less than the cost of a lawsuit for negligence from just one of your clients.Think of it like insurance - you pay a little bit now so you don't have to pay an exorbitant amount later.
At Bitlab, we have experience and an extended, trusted network of professionals that help you secure your business' data. If you're considering looking into improving your security, send us an email at firstname.lastname@example.org to arrange for a free, 30-minute consultation.