No business ever wants to deal with the consequences of a data breach, but as these breaches become more and more common, it’s important for every business to be prepared. One thing that businesses are often not prepared for is the associated costs of a data breach. How much will a data breach cost a company? What are the associated costs of a data breach? Here are some of the costs associated with a data breach that businesses should prepare for:
Notification Costs
Businesses must notify their customers if they have been affected by a data breach. Notifying customers may seem simple, but it’s much more difficult, not to mention expensive, than it appears. In 2016, the average cost of notifying customers after a data breach was $590,000.
Businesses typically contact customers by mail, email, or both. Sending notifications through the mail is much more expensive than emailing customers, but it’s necessary to reach every customer that has been affected by the breach.
After customers have been notified, a lot of them will want to get in touch with your company to ask questions or learn more about what happened. It takes a lot of resources to respond to all of these questions and concerns, which is why the costs associated with notifying customers is so high.
Credit Monitoring Costs
When customers’ personal information is compromised, companies often offer to monitor their credit for free for a certain period of time. This way, customers will know right away if their information that was compromised is being used to open new credit cards, secure loans, or take any other action that could hurt their credit.
Monitoring affected customers’ credit is the right thing to do, but it’s also expensive. The average cost of credit monitoring is $10 per affected customer. Since the average number of records compromised in a data breach is over 24,000, credit monitoring can be a significant expense.
Regulatory Fines
Some businesses may also be subject to fines after a data breach. A number of regulatory agencies, including the Federal Communications Commission (FCC), Health and Human Services (HHS), and Federal Trade Commission (FTC) can impose fines on businesses that fail to protect sensitive data. The fines can vary significantly depending on the nature of the breach, but they can be massive. For example, the FCC fined YourTel America and TerraCom $10 million after it was discovered that the companies, which share the same owners, kept sensitive data on publicly accessible servers. On the other hand, the HHS fined Presence Health $475,000 earlier this year due to the company’s failure to notify affected customers of a breach in a timely manner.
Legal Fees
If a breach is large enough, consumers may band together and file a class action lawsuit that could end up costing your business millions. One company that was forced to pay consumers who filed a class action lawsuit is Target. Credit and debit card information from tens of thousands of Target customers was compromised in 2013. A group of affected consumers came together to file a class action lawsuit against the retail giant shortly after learning of the breach. After nearly two years, the consumers were finally able to reach a $10 million settlement with Target.
The Overall Cost of Data Breaches
These are just some of the many costs that a business can incur after their data is compromised. The overall cost can vary depending on the industry the business is in and the size of the breach. According to the 2017 Cost of Data Breach Study, companies should expect to pay about $225 per compromised record. This number increases to $380 per record for businesses that area in the heavily regulated healthcare industry and $336 per record for financial businesses.
It’s important to note that these costs only apply to businesses in the U.S. The average cost per record for businesses outside of the U.S. is around $141 since these businesses are not as regulated as those in the U.S.
How to Lower the Cost of Data Breaches
There are several ways that businesses can lower their costs after a data breach. According to a recent study, businesses that can contain a data breach within 30 days can save an average of $1 million. The longer that it takes to contain the breach, the more it will end up costing the company.
The study also found that having an Incident Response team could reduce the total cost of a data breach. Incident Response teams are trained to react to data breaches right away, identify how the data was compromised, and contain the situation as quickly as possible. By having one of these teams in place, businesses could save more than $19 per breached record.
Businesses can also save money by extensively encrypting their data to keep it safe from hackers. By doing this, it’s estimated that businesses can save about $16 per record.
The cost of a data breach can also be lowered if a business gets everyone involved—even members of the board. By including board members in the process of protecting sensitive data, it’s estimated that businesses save a little more than $5 per record.
These numbers may be surprising to businesses that had no idea how much a data breach would cost them. Because data breaches are so expensive, it’s important for businesses to do everything in their power to prevent them.
Start by hiring a reliable e-waste recycler to process IT assets that contain data. ERI is the leading recycler of e-waste in the U.S., and is trusted by various government agencies, Fortune 500 companies, and organizations within the healthcare, technology, and telecommunications industries. For more information on recycling your electronics, or to request a quote for your company, contact us today.