How Expensive Is A Data Breach?

December 3, 2020
Steve Fox

Every year, companies are plagued with the costly and damaging consequences of data breaches. In fact, reports from last year alone indicate a total of 7,098 data breaches, with a staggering 15.1 billion records exposed.

According to TechTarget, a data breach is defined as “an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so. Data breaches may involve payment card information (PCI), personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property.”

The numbers suggest that data breaches are on an upward trend, albeit an inconsistent one, with not only a greater number of individual data breaches but a greater number of records exposed as well. Now, as the pandemic has forced many individuals home to perform their job functions, likely with less overall network security, the risk of a data breach is even higher.


Data breaches can occur through a variety of methods. Often, cybercriminals will use an exploit, which is a type of attack that takes advantage of software weaknesses. For example, unpatched or out-of-date operating systems, Internet browsers, and installed applications are common access points for exploit kits. Other access points could include phishing email scams, spyware, or broken/misconfigured access controls.


When you think of the cost of a data breach, your mind likely goes straight to the financial impact. This is certainly an important metric, but it’s not the only “cost.” Businesses can expect to pay not only fiscally but also in broken trust, damaged reputation, lost revenue, added training and technology investments, and more. Here’s a look at a few of the costs you should keep in mind.

According to IBM’s Cost of Data Breach Report, data breaches cost companies in the U.S. $8.64 million, on average. Additionally, nearly 40% of that cost stems from “lost business – including increased customer turnover, lost revenue due to system downtime, and the increasing cost of acquiring new business due to diminished reputation.”


Reports indicate that the average time to identify and contain a data breach is 280 days! That’s 280 days of exposure before the real work begins — repairing the damage. It should be noted, however, that businesses that identify and contain a data breach in less than 200 days can expect to save $1 million, on average. So, it certainly behooves your business to improve your security measures to prevent data breaches or at least minimize the amount of time it takes to identify and contain them!

Because your data and security were compromised, your team will need to establish stronger security parameters and shore up any vulnerabilities brought to light during the breach. This all takes time and could decrease productivity across your organization. Additionally, you’ll want to invest in added security training for your employees and possibly advanced security technology to create a safer and more secure network environment.

Beyond your organization’s four walls, a data breach can cause significant damage to your company’s reputation and will break the trust of not only your existing and potential customers but also industry partners and vendors. This can cause long-term, rippling effects to your revenue and ability to grow your business.


The costs of enduring a data breach are tremendous and far-reaching, costing your business money, time, reputation, and more. As the saying goes: The best defense is a great offense. Here are nine tips that will help your business avoid a data breach in the future.

  1. Invest in training and educating your employees on the latest security threats and protocols
  2. Ensure all programs and systems are updated with the latest security patches
  3. Control user access to your network and company software or systems
  4. Encrypt sensitive data
  5. Monitor data and security across your network regularly
  6. Perform a security audit to identify potential risk points
  7. Use cloud access security broker (CASB) methods to monitor network activity and limit high-risk activities
  8. Run frequent data backups and ensure their integrity and reliability through careful testing and verification
  9. Consider zero standing privileges to control user access to your network and company systems

A proactive approach to network security is always the best approach. Take the appropriate precautions and make the necessary investments today to avoid significant costs and damaging effects down the road should you fall victim to a data breach.
