What’s the true cost of a data breach?

Almost two-thirds of CISOs have had to deal with a loss of sensitive information from their organisation in the past 12 months, whether via a malicious attack or an accidental data breach. What does that end up costing a business?

Losing internal data through an accidental or malicious breach is one of the main threats keeping business leaders – and CISOs specifically – up at night. Indeed, according to one survey by KPMG, C-suite concerns about cybersecurity have increased significantly in recent years, with as many as 73% of business leaders now worried about a corporate cyber attack, compared with 61% in 2021.

There’s good reason for that concern too, as a recent survey by Proofpoint shows. Globally, 63% of CISOs say their businesses have experienced a material loss of sensitive information over the past 12 months. And that figure can be even higher in certain major economies, including the UK.

To complicate matters further, the likelihood of being affected by a breach is also distributed unevenly between industries. Organisations working primarily in energy (71%), professional services (68%) and retail (68%) are more likely to experience a data breach than those operating in other sectors, for example. The healthcare and financial services sectors experience the costliest breaches on average, though, at $10.1m (£7.9m) and $5.97m respectively.

Those aren’t the only points of variance either. The exact nature of the data breach will also differ in each instance, inevitably leading to different clean-up processes and overall costs. Major vulnerabilities in an operating system (OS), for instance, are likely to prove costlier to rectify than a simple case of incorrect permissions sharing.

Naturally, the consequences of a data loss event can be as wide-ranging as the causes. For instance, a third of CISOs report that their business took a direct financial hit as a result of the data loss. But other, longer-term impacts, such as a loss of customers and reputational harm, may have a more insidious effect.

It’s worth remembering that these costs will come on top of businesses’ existing expenditure on cybersecurity measures to prevent such data breaches from occurring. And in the aftermath of a data loss event, many CISOs will choose to respond by doubling down on these costs – and may actually have an easier time convincing senior leaders of the need for that expenditure in the wake of their data mishap. 

The pain is getting worse, too. In the last two years alone, the average total cost of a data breach has increased by 12.7%, and most of the segments that contribute to that total have increased as well.

It’s a trend which makes it all the more important for businesses to get their cybersecurity as tight as possible, to avoid a potentially significant outlay in the event of a breach.