Revisiting Costs of a Data Breach

Last week we talked about some of the costs of a data breach which you can listen here. In this article we’re revisiting the costs of a data breach to business and then we’ll highlight some of what everyday people experience.

Here are the business costs.

The breach itself:

• Downtime: Depending on how the breach occurs, there may be network and other resource outages which is more likely with a ransomware attack with regard to stolen data. Employees may not have access to resources at this time, whether due to the attack or orders from management not to touch anything.
• Incident response: As a business owner, you’re now dedicating resources internally, or externally, to handle the incident. You’ll also want digital forensics experts to collect and examine evidence which is another cost to you.
• Disaster recovery: In some cases you may need new hardware. If you already don’t have spare gear on site, you’ll need a vendor to send stuff over to you. How long will it take to get employees that work remotely up and running? This all takes time. Depending on how you’re set up, you’ll spend time imaging machines and migrating data back over to them. If you rely on a cloud service that was affected by a breach, what’s your plan to recover data and if that provider is down, how long until services are restored?
• Insurance: If you have cyber liability insurance, your costs, more likely than not, will go up.

Let’s look at reputation

Reputation costs:

• Loss of revenue: Some of your customers may flee to competitors they feel will do a better job at protecting their data. This contributes to lost revenue. If your intellectual property was stolen, this also contributes to lost revenue because a competitor, or foreign adversary, is profiting off your (not so)secret sauce. If you’re publicly traded, your stock may take a hit if your stakeholders lose confidence.
• News: The last thing your organization wants to deal with is being in the news as a result of a data breach, or worse, finding out your company had a breach through the news. Depending on the authority of the news outlet, the reach of their coverage can shape how people perceive the incident.
• Public relations: That news cycle in the point above is a bummer. Now you need to hire a PR firm or dedicate internal resources to put this fire out. The stakes are high as fumbled communication to affected customers, and the public, makes the situation worse. This could lead to more customers fleeing and more unwanted news making headlines.

Lastly, let’s talk legal costs. As a reminder we are not a law firm, so we are not offering legal advice or opinion. If you are concerned about legal exposure and risk related to a data breach, seek a knowledgeable attorney to answer your questions.

Legal costs:

• Penalties and fines: If you’re mandated by a law, or regulation, some fines, depending on the industry, can reach to tens of thousands of dollars per violation.
• Litigation: If you find yourself as the defendant, you have the costs of your attorneys to contend with. If you lose, then there’s the cost of the settlement. If intellectual property was stolen, there’s the legal costs of fighting that battle too.
• Credit Monitoring/Identity Theft Protection/Identity Restoration: If you’re mandated by law, or regulation, you may be required to provide customers, or other parties that provided you with personally identifiable information, with some sort of service that covers Credit Monitoring/Identity Theft Protection/Identity Restoration at no cost to them. This is obviously a cost to you.

Now let’s highlight some of the costs those affected by a data breach incur.

Personal costs:

• Financial cost: If the breach leads to them being defrauded, that money is gone. There’s also time spent traveling to people that can help. There’s the cost of hiring others, or purchasing services, to help with data breach related stuff.
• Time: If the fallout of a data breach affects you, you may spend time making endless phone calls; the majority of which will probably be while you’re working. Time dealing with your bank, your credit card company, the police, and others helping you deal with the breach. Time away from work to travel to those who may need to help you. You’ll spend time at home running anti-virus scans. Time spent replaying what happened in your head and research fixes to anything that may be broken on your end. Time spent thinking “Did those fixes work? How do I know if the fixes worked? Did the anti-virus catch everything? Are THEY still in my devices? Do I need to buy new devices? Did they get into my bank account? Did they make purchases with my credit card info? Did they steal my identity?” We can’t forget about time spent resetting all your passwords.

These are some of the costs related to a data breach on both the business and personal side of things.

How do we help?

On the business side of things, we prefer to be proactive. After the fact, when you’re breached, fixing things will increase your costs. The core of what we do is look for things that can harm your company in the outside world (aka the web). We can also help in an advisory role with cybersecurity frameworks.

On the personal side of things, we offer identity theft protection and restoration service plans for individuals and families. We help educate you and your family on how to better lock down your devices. We also offer digital footprint reviews that help identify cybersecurity, identity theft, and privacy risks.

If you’re an attorney helping a client through a data breach, have a conversation with us to learn how we can assist.

If any of this resonates with you, start the conversation by filling out the contact form below. And while you’re here, remember to sign up for newsletter to stay informed.