Hidden costs arising from data breaches

Financial costs of data breaches do not come cheap; but how can you quantify such damage when it’s completely avoidable?

IT experts are calling for organisations to assign ‘real costs’ that are associated with breaches. There are many ways it can cost a business, from losing customers, to actual money through fraud.

There are hidden costs too, of course.

Difference in impact from malicious data breaches and non-malicious data breaches

There can be ‘hidden’ costs associated with every single data breach. This was seen in a recent data breach by retailer, Debenhams, who admitted their customers’ data had been stolen through a third-party. The breach will ensure Debenhams undergoes a full review of their cyber-security, according to managing director of Databarracks Peter Groucutt, who notes that the retailer will face hidden costs.

Mr Groucutt says:

“Increasingly, we are seeing organisations struggling to recover from a cyber incident when compared to more traditional types of downtime. If a disk fails or a database corrupts for example, the recovery process is relatively simple. You can failover to a replica system or restore data from a backup. Cyber-attacks however, add an increased layer of complexity.”

The analysis makes sense as the costs and concerns associated with a breach can end up being vastly unknown. With reference to the example he gives, it can be true that data can be recovered if a disk fails or corrupts, but it can be a lot harder to deal with a breach when you don’t know how much data has been lost, or who it’s been lost to. This uncertainty can create problems for organisations; the fear of the unknown, which the term ‘hidden’ costs could mean.

Recovery process

Mr Groutcutt details the process that companies go through when they experience a data breach:

“Firstly, the root cause must be remediated which might include malware removal and access being revoked from any adversaries. Only then can you begin the recovery process, adding significant downtime for your business and customers.”

The act of trying to find the root cause may be very costly to a company if they’re unaware of the perpetrator. It’s not until they find the cause that they can start the ‘recovery’ process; meaning systems may be down until they’re secured.

Costs associated with IT downtime

IT downtime can be very costly to companies. This is shown in a report by CA Technologies whereby U.K. organisations are reportedly losing 300,000 hours and £2 billion a year through IT downtime. The report detailed the time taken to fix failed IT systems can cost the average U.K. business £208,000 a year in lost revenue.

We’re all aware of the catastrophic affect and costs large online companies face when their servers go down.

However, downtime and costs associated with data breaches can be avoidable. If companies spend time and resources into protecting systems with the right security measures, the after-effects could be significantly reduced.

It really isn’t rocket science.

The report also notes that companies can tackle downtime through a re-evaluation of their disaster recovery strategies, which can then improve data protection and the speed of recovery, and consequently reduce long-term costs.