What is the cost of a data breach? Blog | What is the cost of a data breach?
Cyber 12/16/20

What is the cost of a data breach?

Data breaches affect commercial enterprises and customers alike; businesses lose credibility while potentially facing class-action lawsuits, whereas consumers can be victims of identity theft or payment fraud. In the case of businesses, apart from the bad press and regulatory headaches caused by a data breach, the financial implications can bleed the business dry for years to come.

So, what is the actual cost of a data breach? We have some numbers.

What is the average cost of a data breach?

According to the Cost of a Data Breach Report 2020 prepared by IBM and Ponemon Institute, the global average cost of a data breach is $3.86 million, which goes up to a monumental $8.64 million as the average cost for companies in the United States – numbers that can potentially put large enterprises under duress and compel smaller businesses to close up shop.

The report also includes information on how data breaches impact industries. Heavily regulated industries tend to face greater costs because of the sensitive and confidential nature of the data. E.g., the sector with the highest average cost of a data breach is healthcare at $7.13 million, which dwarfs other industries with less stringent regulatory requirements wherein the average cost amounts to $2 million.

Although the large numbers apply to companies of all sizes, small businesses are increasingly a target for cybercriminals, especially ransomware attacks, and they now routinely see costs around $200,000, which is enough to put many- who don’t have adequate protection- out of business.

Furthermore, a data breach takes an average of 280 days to identify and contain, which only compounds the costs. We would like to think that if we get hacked, we’d know it right away, but as the numbers show, in most cases the company doesn’t discover the breach until much later. It is also important to note that the pandemic-induced work-from-home culture can significantly increase the time required to identify and mitigate a data breach, resulting in an incremental escalation of data breach costs by $137,000.

The report further argues that businesses can save an average of $1 million if a data breach can be identified and contained in less than 200 days. If a business takes longer than 280 days, the report found that 39% of a data breach costs are incurred a year following the breach – as the adage goes, “the early bird catches the worm”; when it comes to getting hacked, the “early bird” might save themselves from going out of business.

What are the types of costs related to a data breach?

After the promulgation of data protection regulations like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and industry-specific rules concerning consumer protection, businesses exposed to data breaches may be subject to costly fines and penalties. A recent study by researchers from the University of Maryland and Robert Morris University aggregated the direct and indirect costs of data breaches for both the business and consumers:

Company data breach costs
Table 1, page 165

Due to the sensitive nature of the information, businesses must inform the consumer of any breach that affects their data, and failure to do so may result in further fines. These, along with immediate data breach costs, are relatively short-term costs. The real punch to the gut comes in the form of long-term expenses, i.e., class-action lawsuits, damage to reputation, the decimation of consumer confidence, erosion of market capitalization, and loss of business opportunities.  The report states: Indirect costs are often latent, hidden, and difficult to recognize and measure. For example, research shows that the probability of banking customers ending business relationship with their banks increases significantly in the six months following a fraudulent transaction or security breach.”

How can the cost of data breaches be reduced?

For many businesses, the cost of a single data breach can result in enormous financial strain or even permanent closure. However, there are ways for businesses to mitigate risks involving a data breach.

Security Automation and Cybersecurity Response

Companies with a fully deployed security automation system can save an average of $3.58 million compared to a company with limited or no deployment of the security automation system. Even small businesses with few resources can implement a small business cybersecurity plan. Likewise, companies with an incident response team can reduce the financial burden by an average of $2 million. But no kind of security automation can fully ensure the prevention of data breaches because malicious attacks are in constant evolution, and not all data breaches are a consequence of external actors; some occur due to non-compliance with internal guidelines (or lack thereof) by the employees.

Cyber Liability Insurance

Cover your costs and get help from experts when you need it with cyber insurance. Cyber coverage has gone from an innovative insurance product for early adopters to an absolute necessity for companies large and small. Small businesses are increasingly the target for ransomware attacks due to having weak cyber defenses. Larger corporations with plentiful resources and strong security are frequently found in the news regarding cyberattacks. Cybercriminals are continually evolving their capabilities to dismantle new defenses and the best way to get protected from financial ruin is with insurance.

Case Study: Marriott International

To put things in perspective, let us consider the Marriott’s data breach costs.

Marriott revealed a massive data breach at the end of 2018 (the actual infringement took place in 2014) that saw data of more than 500 million records of its global customers compromised. Initially, the Information Commissioner’s Office (ICO), the UK data protection watchdog, fined Marriott to the tune of $123 million for the breach, which was later settled for $23.8 million in 2020 after years of protracted negotiations – nevertheless, a hefty sum. Furthermore, Marriott faced the wrath of Turkey’s Personal Data Protection Board (KVKK), which further fined it to the tune of $265,000 for the violation, underscoring how a single data breach can result in multiple fines globally.

But the real question is how much Marriott is going to pay? The answer is less than $1 million.

But how? A cyber insurance policy.

Regardless of the form of risk, insurance is the most effective way to cover costs. By opting for cyber insurance, enterprises can recover costs associated with business disruptions, regulatory fines and penalties, crisis management, and the cost of forensics as well as investigations. With the increasing use of digital software in day-to-day operations and the widespread acceptance of digital payment methods, there has never been a more opportune time to take a proactive approach to risk management and protect a business from cyber threats – it pays to pay your cyber insurance premiums, just ask Marriott.

You might be surprised to learn how affordable cyber coverage can be. Small business only pay for the coverage they need. Get an instant quote with our online cyber liability application.

Learn more about how cyber insurance can help your business.

To help you understand your company’s specific risks, we have a cyber risk assessment tool that will give you valuable insights on where you might have weak cyber defenses.

 

Blog

Tips for protecting yourself and your business.

Mental Health

Providing Peace of Mind: Insurance for Mental Health Workers

Mental Health

7 Reasons Rehabilitation Counselors Should Get Malpractice Insurance

Pharmacy

Pharmacy Technician: What’s Next?

Consultants

Common Mistakes When Starting a Consulting Business

Mental Health

8 Reasons a Family Counselor Should Be Insured

Mental Health

Professional Liability Insurance for Mental Health Technicians: What Does It Cover?

News

NOW Insurance Partners with Hiscox on Medical Malpractice Insurance

Healthcare

What to Know About Multi-State Healthcare Licensure

Healthcare

6 Risks of Being a Substance Abuse Counselor Without Malpractice Insurance

Healthcare

What Are the Best Upskilling Opportunities in Healthcare?

Healthcare

How Virtual Care Expands Access to Specialists

General

Thinking of Becoming a Therapist? 5 Things to Know

Healthcare

Do School Counselors Need Their Own Insurance Policy?

Healthcare

5 Rewards of Being a Mental Health Technician

Healthcare

What are Key Compliance Issues in Home Healthcare?

General

The Home Hospital: What Is It and How Will It Affect Future Care?

Healthcare

What Challenges Should School Counselors Expect as Schools Reopen?

Healthcare

Sharing the Workload: Questions You Can Ask Your Pharmacist Instead of Your Doctor

Healthcare

5 Situations Where Testing Labs May Be Legally at Risk

Healthcare

Do Marriage Counselors Need Professional Liability Insurance?

Healthcare

8 Malpractice Insurance Terms Every Medical Professional Should Know

Healthcare

Social Worker Insurance: Do I Need My Own Coverage?

Mental Health

Pandemic Pressures Drive Increased Need for Mental Health Technicians

Nurses

Celebrate National Student Nurse Day on May 8

Nurses

National Nurses Week: Celebrate May 6-12

Healthcare

Why Nursing Students Need their Own Professional Liability Policy

Healthcare

How to Find Affordable Professional Liability Insurance for Home Health Providers

Healthcare

5 Benefits to a Career as a Pharmacy Technician

Healthcare

How Digital Pharmacies Will Change the Industry

Healthcare

How to Become A Pharmacy Technician

Healthcare

Supporting Providers in the Age of Telehealth

Healthcare

12 Keys to Finding the Best Physical Therapist Insurance

Healthcare

When Are Lab Technicians Liable? Five Reasons to Carry Professional Liability Insurance

Healthcare

What Is and Isn’t Covered by Malpractice Insurance?

Healthcare

Why COVID Testing Labs Should Carry General Liability Insurance

Healthcare

Do Occupational Therapists Need Malpractice Insurance?

Healthcare

Can Lab Technicians Be Sued for Malpractice?

Cyber

5 Reasons Cyber Security Insurance Is Becoming More Important Than Ever

Cyber

What Sort of Insurance Will Cover Physical Therapists?

Cyber

Helping Hesitant Patients Embrace Telehealth

Cyber

Why COVID Testing Labs Should Have Cyber Security Insurance in Case of a Data Breach

Nurses

GI Nurses and Associates Week: Highlight A GI Nurse Hero March 21-27

Nurses

What Malpractice Risks Do GI Nurses Face?

Nurses

What Kind of Nurse Should You Be? Check Out the Growing Field of Gastroenterology

Healthcare

6 Risks Lab Technicians Face Without Professional Liability Insurance

Healthcare

Do Contact Tracers Need to Protect Themselves with Professional Liability Insurance?

Cyber

Telehealth Rules Relaxed During Pandemic

Cyber

Telehealth is More Than Just Video Appointments

Healthcare

Pharmacists: Which Specialty Is Right for You?

Healthcare

Sued for Malpractice: A Guide for Nurses and NPs

Healthcare

A Guide to Medical Director Insurance and the Costs

Healthcare

2021 Trends to Look for in Occupational Therapy

Healthcare

Become a COVID-19 Contact Tracer

Healthcare

How Much Does Physician Assistant Malpractice Insurance Cost?

Healthcare

Lab Technicians: Is a Travel Job Right for You?

Cyber

Why Your Agency Needs Home Healthcare Insurance

Healthcare

Covering Covid-19: Is Your Medical Laboratory at Risk?

Healthcare

A Complete Guide to Insurance for Physical Therapists

Healthcare

The Costs of Medical Staffing Agency Insurance

Healthcare

Why Start a Non-medical Home Healthcare Business

Healthcare

IV Nurse Day: Celebrate Jan 25

Healthcare

How to Become an IV Nurse

Healthcare

Charting by Exception: Errors by Omission or The Efficient New Norm?

Healthcare

Are You a Culturally Competent Nurse?

Healthcare

Risks of Abbreviations in Nurse Charting

Healthcare

A Guide to Starting a Home Healthcare Business

Healthcare

Nurses and The Good Samaritan Law

Cyber

Cyber Liability and HIPAA Compliance

Cyber

Why Hackers Love Healthcare Data

Cyber

Ransomware Rampant in Among Small Businesses

Cyber

What is the cost of a data breach?

General

NOW Insurance closes $2.5 million seed round, enhances AI-enabled platform

Cyber

Cost of a HIPAA Violation

Cyber

How to Create a Small Business Cyber Security Plan

Cyber

Small Business and Cloud Storage: Is Your Data Secure?

Cyber

Social Engineering: 7 Common Red Flags

Event Planning

Getting Liability Insurance for Events

Event Planning

Starting an Event Planning Business: A to Z

Event Planning

How Much Does Event Planning Insurance Cost?

Event Planning

Insurance for Event Planners: What You Need to Know

Event Planning

What’s Included in Event Planning Insurance Coverage?

Insurance Basics

What Can a Tax Preparer Be Held Liable For?

Insurance Basics

Tax Preparer Insurance 101

General

4 Nurse Staffing Issues to Avoid

General

What You Need to Know to Be a Tax Preparer

Insurance Basics

Insurance for Bookkeepers: A Complete Guide

General

How to Start a Nurse Staffing Agency

Insurance Basics

What is Liability Insurance for Bookkeepers?

General

How to Build Customer Relations in Your Business

Insurance Basics

A Guide to Medical Staffing Insurance

General

Developing an Effective Risk Management Plan

Insurance Basics

All You Need to Know About Therapist Insurance

Insurance Basics

What is Malpractice Insurance for Counselors?

Insurance Basics

Benefits of Therapist Liability Insurance

Insurance Basics

What’s the Average Counselor Malpractice Insurance Cost?

Insurance Basics

Risk and Hazards of Being a Massage Therapist

Insurance Basics

Do Nutritionists Need Insurance?

Insurance Basics

What’s Included In Massage Insurance Coverage?

Insurance Basics

Everything You Need to Know About Malpractice Insurance Coverage For Nutritionists

Insurance Basics

Do Massage Centers Need Insurance?

Insurance Basics

How Much Does Nutritionist Insurance Cost?

Insurance Basics

Insurance Plans For Nutritionists: Everything You Need to Know

Insurance Basics

Massage Therapy Insurance: A Beginner’s Guide

General

Coronavirus Outbreak: 3 Tips to Keep Your Healthcare Business Safe

General

Company Working From Home? Stay Safe of Cyber Attacks

Insurance Basics

Business Interruption Insurance and Coronavirus

General

4 Best Practices for Medical Workers During the COVID-19 Outbreak

Insurance Basics

Inside the Hacker’s Mind – Social Engineering

Insurance Basics

Do Consultants Need Insurance?

Insurance Basics

Fitness Center & Gym Insurance: A Beginner’s Guide

General

Should Your Company Work From Home During the Coronavirus Outbreak

Insurance Basics

Why Your Business Needs Wellness and Fitness Insurance: A Comprehensive Guide

Insurance Basics

What Is the Cost of Gym Insurance?

Insurance Basics

What Insurance Do Consultants Need?

Insurance Basics

How Much Is Insurance For a Consultant?

Insurance Basics

Benefits of Consulting Insurance Coverage

General

Pay as You Go Insurance for Healthcare Professionals

General

You Have Your Physician Assistant’s License: Now What?

General

Why Are You Still Buying Occurrence Malpractice Coverage?

General

What Does Malpractice Insurance Cost?

General

Physician Assistant Malpractice Coverage: A Practical Guide

Nurses

Do Student Nurses Need Malpractice Insurance?

Nurses

Ouch, You Hurt Me! Do Nurse Practitioners Need Their Own Malpractice Policy?

Nurses

What Type of Insurance Do Nurses Need?

General

Understanding Insurance Terms: Back to Basics

General

What Does Professional Liability Insurance Cover?

General

Types of Insurance Available for Small Business Owners

General

Potential Small Business Risks

General

General Liability Insurance: How to Keep your Business Protected

General

Choosing a Business Insurance Provider: Everything You Need to Know

General

Business Insurance Plans – Do I Need One?

General

Benefits of Professional Liability Insurance

General

What Is the Average Cost of Errors and Omissions Insurance?

General

What Is Cyber Liability Insurance?

General

What Does Errors and Omissions Insurance Cover?

General

Cyber Insurance 101: Why You Need It

General

What Does a Cyber Liability Policy Cover?

General

Errors and Omissions Coverage: What Is It & How Does it Work?

General

What Is the Average Cost of Cyber Liability Insurance?

General

Who Needs Errors and Omissions Coverage?