The internet has made it possible for small businesses to thrive using digital tools for marketing, payments, record-keeping and more. However, that convenience comes with risks. The growing quantities of sensitive information stored online pose an immense responsibility and liability to the businesses that hold this data.
Unfortunately, bad actors trying to access valuable data are only increasing in number and effort. The 2024 edition of Verizon’s Data Breach Investigations Report included over 10,000 confirmed data breaches, a record compared with previous years.
Data breaches are often extremely costly events for businesses. This column outlines some potential costs and risks, along with suggestions to strengthen cybersecurity posture.
Who is at risk?
Any organization that possesses valuable data is potentially at risk for a data breach. Valuable data could mean customers’ personal information, such as credit card details or medical records, or data that is private to the company, such as proprietary information or classified government documents.
Small and medium-size businesses may be particularly vulnerable to a data breach. Luis Aguilar, former commissioner of the U.S. Securities and Exchange Commission, summed it up: “Small and medium businesses face precisely the same threat landscape that confronts larger organizations, but must do so with far fewer resources.”
What are the costs?
A data breach produces two broad categories of costs: direct, tangible costs and indirect, intangible costs. Data breaches can be especially devastating to smaller businesses, which might not have the resources to absorb the direct monetary costs of handling them. On the other hand, larger organizations could suffer millions of dollars in losses from indirect, intangible costs such as damaged investor relations.
Tangible data breach costs can include:
>> Monetary theft.
>> Remediation and system repair.
>> Regulatory and compliance fines.
>> Legal and public relations fees.
>> Notification, identity theft repair and credit monitoring for affected parties.
>> Increase in insurance premiums.
Potential intangible costs:
>> Business disruption and downtime.
>> Loss of business or customers.
>> Loss of intellectual property or competitive advantage.
>> Damage to firm credibility, brand and reputation.
The annual Cost of a Data Breach Report sponsored by IBM and conducted by the Ponemon Institute found that the average cost of a data breach across organizations of all sizes in 2023 was $4.45 million. The cost for businesses with fewer than 500 employees was not much better, at $3.31 million.
Ransomware has been a growing threat for businesses of all sizes. According to the Sophos State of Ransomware 2024 report, the median payment for a ransomware attack is $2 million.
Strengthen your cybersecurity posture
Regardless of the size of your business, cybersecurity is a critical risk management component in protecting your organization. According to the IBM/Ponemon report, organizations with extensive security AI and automation saved an average of $1.76 million, plus they identified and contained breaches an average of 108 days sooner than their counterparts that weren’t automating their security efforts. The time factor is significant because containing a breach within 200 days can save $1.02 million, compared with containment efforts that extend beyond 200 days.
Protect your firm
Forming an incident response plan, engaging a response team and frequently testing for various breach scenarios will help prepare your organization for a real cyberattack. According to the IBM/Ponemon report, using a development, security and operations approach that emphasizes IT security at every stage of the product life cycle was the highest cost saver for businesses. Implementing practices such as employee training, incident response preparedness, encryption and cyber insurance all helped to reduce the cost of a data breach.
The factor that drove up costs most significantly was the complexity of the security system. Therefore, the smart move for small businesses is to find all-in-one comprehensive security solutions, preferably with automation and AI assistance built in.
Businesses of any size, but particularly small businesses, should keep security in mind and consider working with a trusted provider to minimize the cost and disruption associated with data breaches.
Jaspher Respecio is manager of security operations at Hawaiian Telcom. Reach him at jaspher.respecio@hawaiiantel.com.