The types of data at risk from cyber attacks include consumer data, employee information and business partners’ information. Table T-1 defines these specific categories of data. The confidentiality of this type of information is critical to a company’s success.
Companies that experience a data breach can face significant costs. Remediation, litigation and the price of complying with notification laws are all costs that need to be considered and paid in order to recover from the breach. The costs associated with data breaches or technology failures can be difficult to quantify, as events often have significant hidden costs. One such overlooked cost is the price of diverting internal resources to recover from the crisis. Although it is difficult to anticipate unforeseen costs such as these, a large database that outlines recent breaches and their associated costs has been developed for companies to access.
Fortunately, there have been some positive recent trends in the costs of a data breach in the United States. Although the average organizational cost of a data breach remains high at USD5.5 million, the per-record cost decreased in 2012 to USD194 from USD214, with some variances for specific breaches (1). Similarly, costs associated with the detection and escalation of a breach dropped in 2012 by six percent. Increased regulatory activity pushed notification and legal expenses up ten percent during the same period, however.
These costs can seem somewhat esoteric and difficult to grasp until a company suffers a breach. For a simple sense of scale, the average cost of merely misplacing a laptop in 2012 was around USD50,000.
1. Costs were higher if the breach was a result of a malicious attack (at USD222) or if it involved a financial institution (USD247).