A data breach is not only a hazard to the security of an organization, but also a substantial financial drain. In the wake of a compromise, the company must pay forensics investigators and lawyers, and upgrade security systems. The fallout may also lead to lawsuits and internal document leaks, which both require time and money to resolve. Two notable hacking examples and a national survey reveal the severity of the costs that come from cyberattacks.
Failing to Encrypt Your Data Could Lead to a Lawsuit
The private intelligence firm Stratfor suffered a data hack in late 2011 and found itself facing a class action lawsuit filed by customers who pointed out, among other failures, that the company did not properly encrypt their identity records. As we can see, firms must deal with both the data hack and their customers' responses in the aftermath.
In Stratfor's case, a settlement was announced, requiring the company to pay hefty fines and fees. To sum up, Stratfor owed a $400,000 lump sum for legal fees as well as payment for credit monitoring services, free service access, and an e-book copy of the business’s The Blue Book to each class member requesting these forms of compensation. Both company products cost Stratfor approximately $1.75 million.
Sensitive Internal Data Can Be Published Online
One of the most recent and infamous hacking scandals occurred last year. Sensitive data from Sony Pictures was publicly released online, including employees' Social Security numbers, unpublished scripts, salaries, and health test results. WikiLeaks also published internal business emails and documents. The FBI suspected North Korea as the perpetrator of the attack, due in part to the hackers’ IP addresses. Many theorized that Sony was targeted in retaliation for its 2014 film, The Interview, which focuses on a plot to assassinate the North Korean dictator, Kim Jong Un.
Sony's senior general manager Kazuhiko Takeda said that the hack would cost Sony $35 million for the full fiscal year through the end of March. The expenses largely pertained to restoring financial and IT systems.
Half of All Small Businesses Have Been Hit by Cyberattacks
With all the emphasis in the news on corporations getting hacked, the plight of small- to medium-size businesses sometimes gets lost. But a 2014 survey by the National Small Business Association uncovered the staggering costs these organizations face when they are hit by data hacks.
Half of all small businesses reported being the targets of a cyberattack—and those attacks can mean considerable expenses. For instance, the researchers found that the average cost of an attack rose from $8,699 in 2013 to $20,752 last year. But it's not just a cost in dollars; it's also a cost in time. One-in-three respondents reported that it took them at least three days to recover from an attack.
Invest in Online Defense Measures
Upgrading cybersecurity is a cost, but one worthy of investment. Installing managed security services, equipping IT personnel with software capable of managed SIEM and quality log management, and generally establishing a company-wide policy on handling cyberattacks are all necessary measures to protect business systems and networks, and ultimately avoid future substantial costs.
Photo credit: GEORGII MIRONOV / Shutterstock