Unsettling math: Calculating the costs of a data breach
Most organization leaders recognize the need to protect their data in today’s fast-moving mobile business environment. With people using their own smartphones and tablets for work and information being shared through email and used within cloud-based applications, the access points for a breach have become greater than ever. But do those leaders really understand the true costs of a data breach?
As an IT pro, you know that implementing a sound data protection strategy is no easy task — especially when your team is already stretched thin. You need open, intelligent and flexible data security and privacy solutions you can count on to help identify, classify and secure your most business-critical data.
Making a business case for investments in those solutions, however, can fall on deaf ears without solid numbers associated with the risks of not investing. The impacts can vary widely depending on the size and complexity of the breach, the type of data lost and the type of business suffering the loss. Related costs can include a range of services to help with the breach as well as the potential damage to your brand reputation. And penalties related to regulatory noncompliance can be severe.
As a security professional, understanding how a breach might affect your particular business is critical. Public examples of breaches within companies similar to your own can offer guidance, but spending some time analyzing your own organization is crucial.
Breaking it down
A new report from Forrester Research identified seven categories of breach costs:
- Response and notification
- Lost employee productivity and turnover
- Lawsuits and settlements
- Regulatory compliance
- Brand recovery
- Additional security and audit requirements
- Other liabilities
Again, each of these categories can vary widely depending on the breach situation. Forrester offers a detailed breakdown of possible impacts, including cost estimates and example scenarios for various industries. The report also stresses the importance of understanding the security and privacy regulations related to your particular industry. Regulatory penalties include more than just fines: They run the gamut from mandatory audits, changes to your security program and, in some jurisdictions, even imprisonment.
When talking with peers and business leaders, it’s important to tailor the conversation to your particular organization. Identify your most likely scenarios for data loss, and present several concrete loss scenarios. Make sure your business leaders understand why the costs of a breach can vary and explain to them what is quantifiable.
Take a look at the Forrester report for more tips on how to frame your conversation.