November 20, 2015

What's the True Cost of a Data Breach?

Breaches are bad business. In 2015, this basic tenet of digital security is clear-cut common sense. After all, bad things happen when bad guys steal your property. What's less clear is the quantifiable cost of a data breach, both in terms of the intrusion's economic toll and the underlying factors that play into the loss.

This is where the expert insight comes in. "The Business and Economic Consequences of Inadequate Cybersecurity," a Veracode/Cebr paper on the numbers behind data breaches, presents some eyebrow-raising figures and analysis. Here's a by-the-numbers look at just a few of its findings.

The Lack of Prejudice

According to the report, 81 percent of large UK businesses and 60 percent of their smaller counterparts suffered a breach in 2014. While these numbers are big enough on their own — and important to consider no matter what country or countries you do business in — adding other data and analysis from the report really brings things into focus:

  • The number of incidents resulting in data breaches has increased over the last eight years.
  • The Royal United Services Institute (RUSI) expects "that the attacks carried out in the future are likely to cause much more damage," with attackers "exploiting better intelligence" to pull off attacks "in a more targeted manner."
  • Attackers will continue to focus on the mobile app layer and utilization of "leapfrog" attacks, using data pulled from smaller breaches to coordinate larger attacks.

In other words, digital security is more important now than it's ever been, and that trend isn't likely to change. As any CISO will tell you, that's not meant to paint a grim picture of the future — it's a basic fact, and a call to action for stronger security from every corner of the enterprise world.

The Cost of Malicious Activity

There's another figure that gets more interesting the deeper we delve: Cyberattacks cost UK businesses 34 billion GBP, or 51.6 billion USD. As the report notes, it's actually a combination of two figures: the losses caused by attacks (18 billion GBP/27.3 billion USD) and the amount by which businesses increase their IT spending every year as a result (16 billion GBP/24.3 billion USD).

If anything, these numbers point to the old business adage about spending smarter, not harder. While building a competent IT backbone and implementing ongoing security measures to keep it safe can be justifiably expensive, focusing on security earlier in the software design process is one proven way to offset larger security costs in the future. This fact remains true whether you're talking about internal and embedded systems or customer-facing software. Outsourcing and automating certain security tasks — and applying them to the company's existing catalog, as well as works in progress — is another way to defend against the escalating costs of digital defense.

The Big Three

While not an eye-popping number like the two above, the three top concerns companies have regarding breaches still warrant discussion, because the cost of a breach doesn't just come from one source. Instead, companies that fall victim find themselves spending or losing money on the breach itself, the brand damage it causes, and the associated downtime. And those are just the top three, with regulatory fines and fees, loss of competitive advantage (mostly stemming from IP theft, a common motive in breaches) and losses to productivity and morale ranking just below.

Once again, we see how the cost of a data breach can be offset, if not outright avoided, by security-forward practices such as early implementation and automation. As the paper notes, nearly all — as in, 99.9 percent — of "vulnerabilities exploited in breaches were already known for more than a year," meaning the companies in question could often take different steps to avoid them. The paper calls for "more rigorous patching processes" in light of this data; not only do automated services find potential exploits in new and existing software, they're constantly updated by experts in the field, giving their clients an even bigger head start in protecting the software under their banner.

The multifaceted costs incurred by companies in the wake of a breach should serve as a wake-up call to others looking to avoid them. Security is an ever-changing game, and no system or software is 100 percent secure, but that doesn't mean companies shouldn't implement top-of-the-line defenses to keep data safe.

By the Numbers

Breaches are complicated affairs. From the money companies spend on defense to the revenue they lose in their aftermath, the Veracode/Cebr report doesn't just present the numbers representing the real cost of a data breach — it provides the insight businesses need to right the course of their own security efforts.


Evan Wade is a professional freelance writer, author, and editor from Indianapolis. His time as a sales consultant with AT&T, combined with his current work as a tech reporter, gives him unique insight into the world of mobile/Web security and the steps needed to properly secure software products. Follow him on Twitter.
