The True Cost of a Data Breach

July 15, 2015 5 min Read

What do Data Breaches Really Cost?

When sensitive or confidential data is lost or stolen and subsequently put at risk, then a data breach has occurred. The consequences are severe to your company’s reputation and bottom line.

In 2014, it seemed like every few weeks there was another company that had its network hacked leaving personal information and their customers compromised. More than 1 billion personal identifiable information (PII) records were stolen during this year. Companies must protect against data theft as it is an increasingly costly problem (in dollars and in reputation) to have a data breach.

The 2015 Cost of Data Breach Study conducted by the Ponemon Institute1 found that the average consolidated total cost of a data breach in 2014 was $3.8 million, which is a 23 percent increase from 2013. The same study also found that the cost per each lost or stolen record that contained sensitive or confidential information was $154, a six percent increase over 2013. The study broke the results down further to find that the average cost per personal record lost to malicious or criminal attacks is now $174, up from $159.

How to Reduce the Cost of a Data Breach

The Ponemon study found that corporations with a high level of involvement from board directors reduced the cost for each record by $5.50. When board members are more involved in security issues, they are more apt to spend the appropriate dollars to protect data and they are also quicker to act when a data breach occurs, resulting in less dollars being spent in the recovery phase. Business continuity plans can also reduce the cost of a data breach by $7.10 per record. The study also found that companies with business continuity plans and management teams were less likely to experience a mass data breach involving more than 10,000 records. Another factor that can reduce the cost of a data breach is purchasing cyber insurance. Insurance can decrease the cost of each stolen PII record by $4.40.

Protecting your Data in the Cloud

With all of this information, how can you be sure your data is protected in the cloud? You must do your due diligence when choosing a cloud-hosting provider and it’s critical that you have reliable backup and disaster recovery plans.

Always ask what services the cloud provider is offering and what security or compliance measures are implemented to ensure the integrity of your environment. You will also want to know who will have access and control of your cloud environment, and how you will access your cloud. Check to see how many data centers the provider has and where they are located. Ask about the data recovery process in the event a restore is necessary. The answers to these questions must be acceptable and requesting several customer references, case studies and/or statistics are a must. This information should alleviate your worries about choosing a cloud provider.

With the marriage of technology and people, mistakes, errors and downtime are bound to occur; nothing is 100 percent full-proof. Being prepared and able to readily access, and recover data after an outage, interruption or loss of data is a necessary insurance policy. According to the Veeam Datacenter Availability Report 2014, medium to large companies found that, on average, they lost $2.1 million annually due to downtime. That cost can be cut significantly if you have a reliable DR plan that gets your environment back online quickly.

At Expedient, your data is highly available and protected. All of our data centers complement a variety of industry and government regulations and measures including HIPAA, PCI DSS, SOX and supported by third-party SSAE 18/SOC attestation reports. They are also staffed 24x7x365 and have multiple levels of physical security. Each facility is a completely controlled environment that is protected by multiple mantraps, a security system with employee-only keycard entry and biometric hand scanning, as well as secure cameras with motion detection and recording to ensure that the best physical security mechanisms are in place.

Computing is protected by multiple firewalls and we offer geographical diversity for managed backup and disaster recovery options through our 100Gbps fiber-optic-ring which connects our national footprint of Tier 3 data center facilities.

As Senior Vice President and Chief Operating Officer, Jonathan Rosenson is responsible for overseeing organizational functions that drive growth at Expedient. Jon additionally acts as an external spokesperson conveying the Expedient story. Follow him on Twitter.

1) Ponemon Institute’s study comprised information from 1500 interviews with IT, compliance and information security practitioners across 350 organizations in 11 countries, including the U.S., United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India and Canada.
Jonathan Rosenson Jonathan Rosenson

Subscribe to Our Blog