The real costs of a data breach

According to Ponemon Institute’s 2017 Cost of Data Breach Study: United Kingdom, data breaches cost UK organisations an average of £2.48 million. When a data breach hits the headlines, we immediately think of the fine that the breached organisation may receive. However, there are a number of other costs associated with a data breach that aren’t just financial.

These can include the legal expenses involved in dealing with a compensation claim, providing complimentary credit protection services for those affected, and reputational damage, which could cause existing customers to go elsewhere and prevent you winning new business. Depending on the severity of the incident, job losses are also a possibility. Data breaches can have a lasting impact on organisations and could put their future in jeopardy.

2017 saw more data exposed in the first six months of the year (1.9 billion records) than in the whole of 2016 (1.37 billion records). With cyber attacks becoming more sophisticated and data breaches becoming a common occurrence, this trend is likely to continue in 2018.

What action can be taken?

Cyber criminals are showing no sign of slowing down, so organisations need to be prepared. Ensuring that a robust cyber security policy is in place is a must. It should include traditional security measures, as well as ensuring policies and procedures are documented for maintaining and enforcing it. Incident response plans and information on user admin rights should also be included.

Employee training also needs to be factored in because no matter how prepared an organisation thinks it is, its employees will always be a wildcard. Employees’ tendency to expose data, their inability to create safe passwords and other similar weaknesses mean that organisations must help them follow best practice as much as possible.

When the General Data Protection Regulation (GDPR) comes into effect in May, data breach reporting will become mandatory. Ignoring this and the GDPR’s other requirements could result in a regulatory fine. For further advice on how to prevent a data breach, read this blog.

One Response

  1. Tim Morgan 29th January 2018