Data breaches can be stunningly expensive for companies both in terms of actual expense but also in loss of consumer confidence. And the attacks are frequent, and increasingly more sophisticated.
Since 2005, more than 9,000 data breaches affecting nearly 11.6 billion records have been recorded
Major data breaches have become common headlines in an increasingly digital world, most recently one was announced by Capital One which affects about 106 million individuals.
Data breaches are essentially situations involving unauthorized access to material containing sensitive personal information which could compromise confidentiality. They generate substantial costs from an individual, corporate and economic perspective.
The Privacy Rights Clearinghouse (a nonprofit consumer education and advocacy organization) estimates that since 2005, there have been more than 9,000 breaches affecting nearly 11.6 billion records. The actual total could be significantly higher, as this number reflects only known instances.
The number of incidents continues to rise due to the increasing sophistication and evolution of the attacks. Data breaches can be the result of human mistakes and behaviors, vulnerabilities in corporate practices or systems, or malicious attacks designed to enter systems and take unauthorized actions.
Individuals affected by breaches may spend a significant amount of time and money dealing with resulting issues, and major incidents typically cost affected businesses millions of dollars.
For firms, the impact can be disastrous. In addition to immediate expenses needed to deal with the issue, their reputations and ability to keep and gain customers can be compromised. Settlements may also be required.
For example, Equifax is spending up to $425 million to help those affected by its 2017 data breach as part of a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories.
Many firms have responded with massive investment in cybersecurity and hired talented hackers to work internally to identify and correct vulnerabilities, yet the problem is escalating.
The Ponemon Institute has been analyzing the cost of data breaches for several years supported by IBM Security. The Institute estimates that the average occurrence in the U.S. costs about $8.19 million.
The most commonly affected businesses are in the health care sector.
Much of the real cost of a breach comes even after more easily measured expenses such as attorney fees and litigation, public relations and cybersecurity improvements have occurred. The less obvious expenses include insurance premiums, increased cost to raise debt, disruption or destruction of operations, and lost contracts.
My firm has estimated that, in recent years, the direct costs alone exceed $70 billion.
Companies employ many strategies to reduce the risk of data breaches. Some options come with a high cost, others are difficult to implement, and others impede workflow and even slow innovation.
Because technology is constantly changing and threats are evolving, breaches are difficult to prevent and become costlier every year. Preventing and dealing with breaches involves significant outlays and lost productivity, negatively affecting efficiency and disrupting business operations.
Dr. M. Ray Perryman is President and Chief Executive Officer of The Perryman Group (www.perrymangroup.com). He also serves as Institute Distinguished Professor of Economic Theory and Method at the International Institute for Advanced Studies.