The new Ponemon Institute 2015 Cost of Data Breach report was released recently. This report looks at the costs of 2015 large enterprise class data breaches, but there are some salient pieces of information for small business owners to consider when formulating their cyber security risk management plans.
The average cost per record lost in a data breach increased from $201 in 2014 to $217 in 2015. Different sorts of records had different costs associated to them. For instance, more detailed records such as health records have an average cost of $398 each, but retail or credit card records cost $189 each. There are also additional costs related to unusually high rates of customer loss after a breach, and the hardware, software, and labor costs associated with mitigation and recovery. These costs were pegged at $74 per record.
So a small chiropractic or optical office with 1000 client records might anticipate costs approaching $400,000 in the form of fines. penalties, lost revenue, law suit judgements, and direct IT recovery costs. A small retailer might sustain around $200,000 in costs related to a 1000 customer credit card breach.
The hopeful take-away from this report was that companies who had incident response plans and teams in place reduced their losses by a significant percentage. Small companies can benefit from making these sorts of plans, but for the most part have not, believing that their small size somehow makes them a less desirable target. This is unfortunately false. Quite to the contrary, small companies are preferred targets simply because their security is so much weaker, and the chances of discovery are much lower.
We have been urging our clients to put in place a cybersecurity plan that focuses not just of prevention, but also on employee education, early detection, and planned mitigation strategies. We believe this is the best solution currently, and partnering with a cybersecurity professional who focuses on small business solutions will make the process happen faster and ultimately be more successful.