A pair of recent studies examined the cost of data security breaches and provided recommendations on what companies need to focus and vulnerabilities to consider.
The study from Juniper Research found an annual cost of data security breaches across the globe of $3 trillion and estimated that the cost will climb to $5 trillion per year by 2024.
“This will primarily be driven by increasing fines for data breaches as regulation tightens, as well as a greater proportion of business lost as enterprises become more dependent on the digital realm,” the report explained. According to "The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024," the dollar cost for each data security breach “will steadily rise in the future,” but “the levels of data disclosed will make headlines” without directly impacting the cost of breaches, “as most fines and lost business are not directly related to breach sizes.” The report stresses the importance of “human-centric security tactics” to protect business enterprises.
Meanwhile, the annual “Cost of a Data Breach Report” from IBM in July, conducted by the Poneman Institute, found the “cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million on average.” Small businesses take the biggest beating: “companies with less than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue.”
One of the most useful revelations from the report was that “the speed and efficiency at which a company responds to a breach” can be one of the biggest determinants in its cost. The “average lifecycle of a breach” in the IBM report “was 279 days, with companies taking 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. However, companies in the study who were able to detect and contain a breach in less than 200 days spent $1.2 million less on the total cost of a breach.”
As always, marketing research and data analytics companies and organizations should review Insights Association guidance on data security. Further, IA company members should adopt the ISO 27001 Information Security standard, line up some professional liability insurance, and get help with customized cybersecurity solutions.
This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.