Risk Insider: Tim Francis

The Real Cost of a Cyber Breach

By: | October 8, 2014

Tim Francis is Enterprise Cyber Lead for Travelers. He has oversight of all of the company’s cyber product management. He can be reached at [email protected].

Cyber. You can’t escape the topic and the news surrounding it never seems to be positive.

A quick online search of the subject pulls news results with headlines that include words like attack, warfare, defense, breach, threats, security and danger.

But what information? And who is actually at risk?

The answer: everything and everyone.

Of the cyber attacks that occurred in 2013, four of them made the list of top 10 worst cyber breaches of all time – just one year accounted for nearly half the list.

A single data breach typically results in about 29,000 breached records, which cost roughly $201 each. That’s a whopping $5.85 million for the average single data breach.

Cyber-related attacks continue to become more prevalent and far more detrimental each year, amounting to thousands and millions of dollars in recovery costs for businesses, along with significant blows to companies’ reputations.

Cyber criminals target a wide range of information from user IDs and passwords to personally identifiable data and personal health information.

Breaches come in the form of attacks on personal computers, mobile devices and routers. Approximately 20 percent of all data losses are due to lost or stolen devices, according to NetDiligence.

While it’s important to understand the data that is at risk, it also is important to know the financial impact a breach can have on a company.

A solitary data breach might seem at first glance like an inconvenient, but wholly manageable, business exposure. After all, how much damage could one lost or stolen laptop or one hacked account create?

Here’s the surprising reality: According to the Ponemon Institute 2014 Cost of Data Breach Study a single data breach typically results in about 29,000 breached records, which cost roughly $201 each. That’s a whopping $5.85 million for the average single data breach.

Costs associated with data breaches go well beyond the price of fixing the company security system. From notifying clients to legal settlements, these expenses add up quickly and can include, on average:

– Post-breach costs of $1.6 million (Ponemon)

– Notification costs of $509,000 (Ponemon)

– Lost business costs of $3.3 million (Ponemon)

– Legal defense costs of $574,000 (NetDiligence)

– Legal settlement costs of $258,000 (NetDiligence)

Of course, there are data breach “costs” that go beyond immediate expenses, too. The loss of customer trust and damage to a brand’s reputation are not easily accounted for initially, but they can lead to significant financial losses over time.

So, beyond looking into cyber liability coverage, how can you help protect yourself and your organization?

Know your data. Create an inventory of all data and information — digital or physical — along with where it is stored.

Evaluate your cyber exposure. Understand which information and systems are most critical to protect. Then, determine the ramifications of a cyber attack on each.

More from Risk & Insurance