The latest Ponemon institute report on data breach costs are out. The average cost of data breaches in the U.S.has actually fallen in the past year. In 2012 the total cost was estimated at a total cost of $194 per record, and in 2013 the total cost is now estimated at $188. Total cost equals both direct and indirect expenses incurred by companies suffering a breach. Direct expenses include costs of engaging forensic experts, outsourcing the hotline support functions and providing free credit monitoring services. Indirect expenses include in-house investigations, communications and the loss of customers and damage to brand values as a result of the breach. The full report, which is quite extensive can be found here:
While the cost per record has fallen $6.00, that’s not really good news because it’s overshadowed by the frequency of
Hackings, breaches and lost data, which continues to increase; not only in the US but world wide.
What’s the exposure your company has to this risk? At the very least it could be the number of “records” you maintain which contain personally identifiable information plus employee records. Your exposure could be a percentage of those total records that might be potentially stolen or hacked at any one time – say for a moment that you have 2500 records and half of them are compromised in a cyber attack – that’s 1,250 records multiplied by $188 in remediate total costs. That equals $235,000, which for any small business is pretty significant. The bad news is that those costs are not covered by any other business policy you may have, other than a cyber-liability policy (unless cyber coverage is incorporated into your business owners policy or other coverage form). So imagine having to pay that out of pocket? Wouldn’t it make sense to insure that risk? For many small and medium sized businesses the cost of cyber coverage can be had for under $2,500!