In an era of increased tension around cyber security, I'd like to put the following question to you - how much will a data breach cost your company?

Pinpointing an exact figure is hard, so we've done a bit of digging to help make an educated guess for small to medium businesses. If you're Equifax, the latest breach would have cost you US$242.7 million after a leak of nearly 148 million customers, according to this SEC filing. They are likely to continue spending a few more dollars on cleanup over the next few years. For years now security professionals and analysts have tried to estimate what a data breach can cost a company.

Think about the expenses, from having to upgrade IT infrastructure and security to paying legal fees and government fines. You may need external contractors to fill your skills gap as well.

There are a lot of costs that are both tangible and intangible. If you're publicly traded, your stock price may take a hit. Your customers' trust will erode, and that will take time and effort to recover. If you're in a high-stakes industry this could be a killing blow for your business, the beginning of the end, so to speak.

According to this report from the Ponemon Institute, the average cost of a data breach is around US$3.62 million globally. That's $141 for every record that is leaked on average. Now go count how many records you have, I'll wait. That's just the tip of the iceberg though - there is the aforementioned hit to your stock price, your customers no longer trusting you and the potential to get sued for breach of contract from your now very angry partners and/or clients.

She'll be right.... right?

The reality is that, in our experience, very few New Zealand-based companies even consider security beyond just Anti-Virus and recommendations from IT Vendors. These recommendations are certainly contributing to the overall security of your data. However, it's the possible attack vectors you don't think of that put you at greatest risk. These vectors include things like:

  • Letting any machine connect and attempt authentication on your company's network
  • Encrypting backups but not the "live/working" files on your network
  • Not keeping your internet-facing systems up to date.
  • Not educating your staff on basic threat detection - social engineering is one of the most effective techniques used by hackers.
  • Not using encrypted communication channels for external communication.
  • Not using 2-Factor Authentication for critical systems
  • Having poor/no offboarding process for key employees.
  • Using weak passwords for systems that are "easy to remember" for everyone

These are just some of the weak points in most small to medium businesses' security we've seen over the years. The thing here is that a lot of these businesses don't understand or know that these holes exist. If you want to know how vulnerable you possibly could be, here are some questions to ask yourself:

  1. Do you have a contingency plan in case of an attack?
  2. Will you even know if your systems have been breached?
  3. If your company is breached and files are leaked, are they encrypted or can they just be opened by anyone?

If you've answered yes to any of those questions, you should be worried.

Plugging the gap

If you're still reading this, the hair on the back of your neck should be standing up around now.

Doubly so if you've put security in the too hard/too expensive basket in the past. If you learned the lock on your front door is missing, you'd call a locksmith to get it fixed as soon as possible, right? So why not get in a security consultant to audit, recommend and implement some improvements to your security?

At around NZ$207 per leaked record at the time of writing, you'd only need a leak of about 100 sensitive documents and you'll already be sitting on a $20,000 bill. And if you have no or weak data security, the chances are high that all your files can be leaked. Let's say you get a security consultant in for a month at $100/hour. That's a $16,000 bill, sure. It's also $4,000 less than a small breach. And potentially millions less than the cost of a lawsuit for negligence from just one of your clients. Think of it like insurance - you pay a little bit now so you don't have to pay an exorbitant amount later.

Not sure where to next? We've got you.

At Bitlab, we have experience and an extended, trusted network of professionals that help you secure your business' data. If you're considering looking into improving your security, send us an email at to arrange for a free, 30-minute consultation.

About The Author

Drian Naude

Technical Director at Bitlab. Drian writes about engineering, management and a little design.
