Data breaches can cause devastating financial losses and affect an organisation’s reputation for years. From lost business to regulatory fines and remediation costs, data breaches have far reaching consequences.
IBM Security has calculated that a data breach could wipe as much as 7.2% off a company’s share price. It’s the equivalent of up to $8.8 million in cash terms for UK companies listed on the FTSE 100, or up to $32.3 million for listed US companies on the NASDAQ index.
These figures demonstrated the importance effectively training staff with cyber security training, as most attacks come through phishing emails sent to employees and management. When an attack has happened ensuring you find the data breaches quickly. On average it takes tech companies 187 days to identify a breach and 59 days to contain it. However, in other sectors that number rises to 246 days to identify and contain.
Listed companies in the US and UK could face a bill of $42.9 billion. This equates to $174.4 million per day, or $5.3 billion per month. These figures do not account for reputational impact, loss of customers or GDPR penalties, so could even be even higher. scandal, including subsequent reputational impact, the value of the company
For example, if Amazon experienced a breach equivalent to the 2018 Facebook Cambridge Analytica breach, its value would drop by a predicted $167.9 billion. In its 2019 annual Cost of a Data Breach report, IBM made similar findings, putting the cost per breach at US$3 million per organisation.
Globally, IBM figures show that the hardest hit sector was healthcare, which faced an average bill of $6.45 million per breach, while the US is the most expensive country in which to suffer a breach, with the average cost there rising to $8.19 million per organisation.
Taking a global perspective, IBM’s report further stated that the average total cost of a breach in the US has increased 130% in 14 years, from $3.54 million in 2006 to $8.19 million in 2019. Consequences of a data breach can be particularly acute for small and midsize businesses. Companies with less than 500 employees often suffered losses of more than $2.5 million on average, a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue.
Source: Cyber Security Intelligence