What would a data breach really cost?
With this month’s issue centered around Marketing & Branding, this article will show business owners the reality of a data or security breach. We all know the saying that it takes a lifetime to build a reputation, yet that same reputation can be lost in just a few minutes. Successful firms perpetually try to build a good image or brand. That means firms attempt to avoid negative publicity at all costs, especially the negative publicity that comes with a business allowing others to steal the private information of its clients.
In order to compete and survive in today’s business environment, firms must provide superior customer service. One part of superior customer service is protecting client data. Since your clients entrust you with so much private information, this is critical.
A survey by the Computing Technology Industry Association reports that “the severity level of information security breaches experienced by organizations has shown a marked increase over the past year.” This can be viewed at www.allbusiness.com; once at the site, perform a search on Tech Security Breaches. This report contains the following consequences of a breach and its effects on a firm:
· Employee Productivity Impacted: 35%
· Network Downtime: 21%
· Revenue Generating Activities: 20%
· Physical Assets Impacted: 17%
· Legal Fees/Fines: 8%
From the above results, one can see that many areas of a business are impacted by a breach and the effect is not limited to information technology (IT). Furthermore, not only are your clients affected, but your business activities and profits are as well. Imagine the additional time associated with clients contacting your business to verify that their data is still safe and secure. A data breach may also lead to clients taking their business and ‘data’ to a competitor.
An article published in Information Week magazine from 2007 states, “Security Breaches Cost $90 to $305 Per Lost Record.” This range is wide because some costs were very difficult to determine. In this article, Forrester Research sampled nearly 30 companies that had some form of data breach to arrive at this cost per lost record.
A senior analyst in the report, Khalid Kark, states, “Although studies may not be able to determine the exact cost of a security breach in your organization, the loss of sensitive data can have a crippling impact on an organization’s bottom line, especially if it’s ill-equipped, and it’s important to be able to make an educated estimate of its cost.”
With data breaches occurring more frequently, this study attempts to shed light on the impact on expenses and the negative publicity associated with such a breach. Obvious costs are legal fees. From the article, Khalid Kark also notes that items such as “discovery, response, and notification costs can be substantial.” He “averaged (this alone) to be about $50 per lost record.”
As breaches occur more often, the public eye is focused even more on the items related to such an event. What firm wants the negative attention associated with such a breach? Moreover, there may be additional regulatory fines assessed to a business if such a breach occurs. With all the added public attention to breaches, more firms should take preventive steps to minimize the impact of any such breach.
If still unsure that a breach would really be that costly, all one has to do is look at the TJ Maxx (TJX) data breach. According to Peter Schooff of www.ebizq.net, “IPLocks, a compliance and database security company, has estimated that the cost to TJX Companies, Inc., which owns TJ Maxx, will be around $4.5 billion. This is based on a cost of $100 dollars per record, and costs are a total of fines, legal fees, notification, as well as permanent damage done to the brand.” Yes, you read that correctly, the estimated cost of the TJX data breach is around 4.5 billion, NOT million, dollars.
The same article states, “While $100 dollars per record runs pretty much average, others have said this amount is low. According to Information Week, The Ponemon Institute, a data protection think tank, believes the breach could reach somewhere in the range of $182 per record, which is based on the costs of 31 different incidents. For TJX, that would bring their ever-escalating fiasco to $8.6 billion.” Although this information is not meant to frighten, it does point out that data breaches could literally bring a firm to a screeching halt, trying to deal with the aftermath of such an event.
Most importantly, to ‘save face’ in the business world, if your firm ever experiences such a breach, a critical public relations move must be to notify ALL customers of the event, no matter how small. Many firms that experience a data breach simply do not act quickly enough. Instead, some look for more proof of a breach before acting upon it. Delays normally end up hurting them more than if they had admitted the breach in the first place.
An article about notifying customers at www.businesspundit.com reports that “Telling the public that they’ve been breached is embarrassing for them, it makes them suffer from a loss of goodwill and in the case of public companies, the stock prices go down.” The article speaks of certain companies not wanting to admit a breach occurred, even when the Federal Government announced it.
As discussed in earlier articles within Kentuckian Business Forum, first and foremost, verify that proper security procedures are in place with your business network so that data is protected. In summary, Information Week estimated a data breach costs between $90 and $305 per record, while IPLocks estimates it is between $100 and $180 per record. No matter which figure is used, just a few hundred or a few thousand records could negatively impact the future financial health of a business.
Therefore, any data leak, whether large or small, is counter-productive and will cost much more than any study can accurately estimate. With all other concerns facing small to medium-sized businesses in Kentuckiana, data breaches are yet another factor to consider in today’s digital world. Let’s all keep ‘branded’ images at high levels by protecting not only your business networks, but more importantly, protecting client data.






