Breaches are in the news everyday and they are happening to companies large and small; knowing the costs your company could incur from a breach is an important step in deciding how much to invest in your cyber security budget.
With almost daily public data breach disclosures, you’d think more organizations would take cyber security more seriously and the number of breaches would be decreasing. Unfortunately, we continue to see a high number of breaches and the amount is only growing.
When an organization experiences a breach, it is a serious event with many obstacles to overcome. The organization must:
- Identify the breach
- Contain the breach
- Recover technically from the breach
- Deal with public disclosures to any customers possibly affected by the breach
- Restore trust in its clients and partners
- Make improvements to existing infrastructure to mitigate the risk of future breaches
These efforts all incur costs. So, just how much does the average breach cost an organization?
Average Breach Costs
An IBM study recently found that the average total cost of a breach in 2018 was $3.86 million—a 6.4 percent increase from 2017. IBM also reported that the average breach cost per lost or stolen record was $148 and the likelihood of a recurring material breach in the next two years was 27.9 percent. In the same study, IBM also discovered that organizations saved an average of $14 per record when having an incident response team.
Although the threat of a data breach has increased over the years, as well as the cost of damages, most organizations are not taking the necessary steps to mitigate such risks. According to a survey by Varonis, 88 percent of organizations with 1 million folders have 100,000 folders accessible by every employee within that organization, 57 percent of organizations have over 1,000 folders with inconsistent permissions, 30 percent of companies have over 1,000 sensitive folders open to everyone, and only 3 percent of a company’s folders are protected. In a study from Verizon regarding 2018 data breaches, 58 percent of data breach victims were small businesses.
The components of the $3.86 million cost per data breach are as follows, according to the Ponemon Institute’s 2018 Cost of a Data Breach study:
- Lost business cost $1.45 million – abnormal turnover of customers, increased customer acquisition cost, reputation losses, diminished goodwill
- Detection and escalation $1.23 million – forensics, root cause determination, organizing incident response team, assessment and audit services
- Post-breach response $1.02 million – help desk, inbound communications, special investigations, remediation, legal expenditures, product discounts, identity protection service, regulatory interventions
- Notification $0.16 million – disclosure of data breach to victims and regulators
Breach Costs Could Put SMBs Out Of Business
SMBs are easier targets for hackers. They typically are less secure than larger organizations due to smaller IT budgets, fewer administrators with security experience, and staff that is less likely to have recurring security training. This makes SMBs ideal victims for malware campaigns.
Such campaigns usually start with a phishing email that an employee opens; how far attacks spread depend on the security posture of the organization. Larger organizations who have security administrators constantly monitoring the network may be able to contain a threat before it becomes a serious issue, but smaller organizations often take a big hit since they have limited capability to detect and contain an attack. Thus, one cyberattack can put a small business out of business if the damages to systems and reputation are significant enough.
As the data shows, breaches have a significant impact on an organization’s bottom line. So how can SMBs effectively mitigate this threat while still maintaining a manageable IT budget?
Blackpoint Cyber offers its 24/7 Managed Detection and Response service to address the typical shortcomings of SIEM technology and to stop breaches in their earliest stages. As you can see in the chart above, the faster a company was able to identify and contain a breach, the lower the total cost of the breach – out of all the reasons to employ Blackpoint Cyber’s MDR service, this may be the most logical one.
To ensure organizations of all sizes, including SMBs, can experience the rapid detection and response of Blackpoint’s MDR, we offer this service at a very reasonable cost and we partner with MSPs around the globe so that you can get all your IT needs taken care of at once – cyber security included.
To learn more about the SNAP-Defense platform and Blackpoint’s 24/7 managed detection and response (MDR) service or to find a local managed service provider who partners with Blackpoint, click here.