Understanding the Hidden Costs of Data Breach
November 18, 2016
A closer look at these “hidden” costs that may have long-term implications.
How much do data breaches cost? The average data breach costs $158 for each lost or stolen record, according to the latest global data breach survey of IT professionals by the Ponemon Institute. But U.S. organizations suffered the highest average total loss ($7 million) of the countries in the study. Moreover, the average per capita loss was $221 in the United States — again, the highest loss rate in the world.
Industry also affects per capita losses. The highest average per capita losses were associated with heavily regulated sectors, including health care ($355), education ($246) and financial services ($221).
Ponemon’s cost estimates include tangible costs, such as professional fees to detect and report data breaches, insurance costs, notification and response expenses, and loss of existing customers. The study also attempts to quantify intangible costs that are harder to measure. Here’s a closer look at these “hidden” costs that may have long-term implications.
Intellectual Property Loss
Hackers typically target customer credit card numbers, patient records or employees’ personal information. But when hackers steal a company’s intellectual property — such as proprietary formulas, customer lists, strategic plans or in-process research and development — it can be devastating. Future profits may be severely compromised if valuable intangibles wind up in the hands of competitors, and they’re able to bring new products to market faster or cheaper.
Can you name a company that’s had its data breached? Every day, the media seems to report new stories about data breaches at well-known companies. Negative publicity can cause the victim’s stock price to nosedive, especially if breach notification and response aren’t handled properly.
In some cases, a major data breach causes long-term damage to the victim organization’s goodwill and brand name, which impairs its ability to attract new customers. Breach victims can help minimize the damage by offering to provide new accounts and free credit monitoring to customers who are affected by breaches.
A data breach can also impact perceptions of risk. Often, breaches make people gun-shy about doing business with the victim organization and, therefore, increase supply chain costs. The most obvious example is the increase in insurance premiums when victims renew or buy cybersecurity policies.
Additionally, breach victims may be deemed less creditworthy by lenders and investors, leading to higher interest rates and capital costs. Data breaches can even be a turnoff to employees and job applicants, who may worry that hackers could obtain their personal information by exploiting the company’s IT systems. Likewise, vendors may shy away from a breach victim, because data security weaknesses can expose supply chain partners to IT security risks.
Ways to Minimize Indirect Costs
No organization is immune to data breaches. Did you know that 30% of phishing emails are opened? Or that, in 93% of breaches, hackers were able to compromise the victim’s systems in just a few minutes? A recent Verizon study also reports that 7% of breaches take a year or longer to detect — and the longer a breach goes undetected, the higher the victim’s losses tend to be.
Breach victims can take various steps to help mitigate their losses, however. For example, management can work with IT specialists to implement an effective incident response plan and find out how the breach occurred. In turn, this information can be used to strengthen the victim’s cyber defenses, thereby preventing future losses and restoring confidence among stakeholders.
Our information security team can help you prevent, detect and respond to cyberattacks. Given the increasing and enduring costs of data breach, you can’t afford to let your guard down.