Can you afford to lose $4.27 million? That is the average cost of a data breach caused by a malicious cyberattack.
It is an eye-watering figure that has increased 12% in the last five years alone, underlining the imperative of ensuring your business is fully protected from cyberattacks.
According to new research analysing cyberattacks in more than 500 companies, data breaches rack up huge bills in four ways:
1st. Detection and escalation – activities that enable a company to detect the breach:
- Forensic and investigative activities
- Assessment and audit services
- Crisis management
- Communications to executives and boards
2nd. Lost business – activities that attempt to minimise the loss of customers, business disruption and revenue:
- Business disruption and revenue losses from system downtime
- Cost of lost customers and acquiring new customers
- Reputation losses and diminished goodwill
3rd. Notification – activities that enable the company to notify data subjects, data protection regulators and other third parties:
- Emails, letters, outbound calls or general notice to data subjects
- Determination of regulatory requirements
- Communication with regulators
- Engagement of outside experts
4th. Ex-post response – activities to help victims of a breach communicate with the company and redress activities to victims and regulators:
- Helpdesk and inbound communications
- Credit monitoring and identity protection services
- Issuing new accounts or credit cards
- Legal expenditures
- Product discounts
- Regulatory fines
Of these, lost business is the biggest cost, accounting for nearly 40% of the total.
Counting the cost of a data breach
The cost of “mega breaches” is astronomical. Large companies that experienced breaches of 1 million to 10 million records accrued average costs of $50 million. In breaches of more than 50 million records, the average cost was $392 million.
In the case of malicious attacks, the average cost for every record hacked was $162. Depending on the value of each of your customers, you might find this unsustainable.
Company culture of cyber awareness
With malicious attacks and human error accounting for 75% of all data breaches, CISOs know that embedding a company culture of cyber awareness is crucial.
The risk stretches further than your business, however, as hackers frequently target supply chains and vendors: a careless or ill-informed click on the wrong email by one of your vendors’ employees can give ransomware attackers a direct route into closing down your whole enterprise.
But if you have dozens or even hundreds of suppliers, how can you evaluate where the greatest third-party cyber risk is? To match effort and cost to degree of risk, you need to focus your limited resources on the suppliers that present the most danger to your business.
The answer is C2 Cyber’s proprietary COBRA platform, which identifies the supply chain risks that pose the greatest threat.
C2 Cyber are experts in cyber security and vendor risk management. To protect your business from cyberattack, call us today on +44 (0) 20 7965 7597 or book a free appointment.