Data Hacks Are More Than A Nuisance And Liability: They Are Expensive

A data breach's financial impact on an organization is considerable. A recent survey found that 27 percent of organizations that experienced a breach spent between $5,000 and $50,000 to respond, and 30 percent spent between $50,000 and $100,000. Only 20 percent of organizations spent less than $5,000 addressing a breach.

Twenty-nine percent of U.S. organizations experienced a data breach in 2016. The survey also found that a vendor or contractor caused 47 percent of data breaches; employee negligence caused 21 percent; and lost or stolen mobile devices or storage media caused 20 percent of the breaches.

Of those surveyed, 51 percent said that "lack of knowledge" would be their biggest hurdle to recovering from a data breach, while 41 percent named "a lack of resources" as the biggest obstacle. Two-thirds of those who experienced a data breach said that it negatively affected their organization's reputation. Patricia Daddona "Survey: Cyber hacking a costly expense for many businesses," (Dec. 11, 2017).   


According to a 2015 study conducted by Ponemon Institute, cyberattack resolution takes an average of 46 days at a cost of $21,155 per day, which, according to their study, means the average breach costs an organization a total of $973,130.

However, employers must keep in mind that paying a cybersecurity expert to discover the vulnerability that led to the hack and fix it is not the only cost associated with a cyber breach.

Cyberattacks disrupt an organization’s ability to conduct business, and that lost revenue alone can add up to hundreds of thousands of dollars. Similarly, an employer may have to pay additional employees to field calls and provide information to customers about the breach. Data breaches can even lead governmental regulatory agencies to fine the organization that experienced the breach.

In certain cases, customers whose data was compromised in the breach have filed class action lawsuits against the organization, and these settlements can be huge. Target paid $18.5 million to settle a class action lawsuit after 41 million customers had their data compromised in its notorious 2013 breach.

Additionally, organizations must provide free credit card monitoring and identity theft prevention services to customers affected by a data breach, which can cost several dollars per customer. Depending on the size of the breach, that expense alone can be substantial. The U.S. Consumer Bankers Association shows that Target spent over $172 million just to re-issue credit cards to those affected by the 2013 data breach.

Finally, there is the damage to an organization’s reputation following a data breach, which can be difficult to quantify. According to a 2016 survey of 2,000 adults in the U.S. conducted by Vanson Bourne, 76 percent of customers would no longer use a company with a record of multiple data breaches.

Finally, your opinion is important to us. Please complete the opinion survey:

Keep me signed in

Forgot password?