A data breach can cause customers to lose confidence in your brand. Customers are trusting you with sensitive data such as their financial information and other personal information as well, and having a data breach breaks that trust between the business and the consumer. It isn't only devastating on the public relations end—it can have a negative impact on the company's revenue as well. IBM has reported that in 2016, a data breach can cost $4 million on average.
If you don't store much customer information, you might be relatively lucky—but if you're a larger corporation, this could have devastating consequences in both the contexts of finances and public relations. Many major companies have reported data breaches in recent times, such as Yahoo!, Anthem, Home Depot, Staples, and Sony. However, this isn't just limited to the private sector. The United States Office of Personnel Management has also been the target of a data breach. Foreign countries such as the Philippines have also been subject to a data breach as well, particularly during the 2016 elections when hackers uploaded the entire database of the Commission of Elections (COMELEC) to Facebook.
This also varies by industry as well. Industries especially at risk include financial institutions and utility companies, which tend to store Social Security numbers and credit card numbers. In 2015, the Federal Communications Commission fined AT&T $25 million for failure to protect the personal information of its customers.
The healthcare industry is also at risk, and data breaches can lead to large fines and criminal charges if information is mishandled. The Health Insurance Portability and Accountability Act (HIPAA) stipulates that healthcare information needs to be handled in a certain way to prevent any unauthorized parties from accessing patients' information. One large fine was $4.3 million in 2010 against Cignet Health of Maryland, and the HITECH Act of 2009, which is related to the Affordable Care Act (ACA) - can fine healthcare companies as much as $1.5 million per incident.
The Ponemon Institute recently reported that breaches involving a third party are also the most costly. In addition to this, a data breach would also result in consequences internally; many extra hours would have to be spent patching the breach and reinforcing security measures to prevent a future data breach. This could drive up costs significantly, which would impact smaller business more than larger ones. In some cases (and especially for smaller companies), it would require them to either hire IT security professionals in-house or outsource their security to a third party, and both have their pros and cons. If law enforcement has to to investigate the attack, the cost also goes up significantly.
If your company is publicly listed on the stock market, this could drive down the stock price and cause investors to withdraw their money. This is a combination of consequences that could affect finances and public relations. If it is serious enough, there could be a class-action lawsuit filed against you, which will inevitably drive up the costs.
So how much does a data breach actually cost? It isn't defined solely in numbers. The costs are both quantitative and qualitative. In terms of brand management, it can be a PR nightmare; in terms of finances, it can cost up to $4 million on average to start. Therefore, keeping your data secure is extremely vital and can be far cheaper than having to patch up the damage that a data breach does down the road. Clarabyte's Wipe Solution, ClaraWipe, provides secure data management that meets or exceeds all major national, international regulatory and technical standards. You can buy a flexible USB tool or schedule a demo today for this data protection solution and drastically reduce the chances of a data breach.