A new survey done by Kaspersky with participation of 5,500 companies in 26 countries finally shows the real cost of a data breach broken out by Small and Medium Business (SMB) and Enterprise. They also show the direct and indirect costs for each, which gets you to some hard numbers you can use to request budget.
The data shows that a security breach usually costs large enterprise-level organizations an average of well over half a million dollars ($551,000) and $38,000 for SMBs. And then you can add the indirect costs: $69,000 for larger companies, and $8,000 for SMBs.
90% of companies experienced some sort of security breach
You can see that calculating the costs is a worthwhile exercise, as 9 out of 10 companies that took part in the survey admitted to a security breach, and 46% of them even said they've lost critical and sensitive information. Now, I'm sure that the survey was self-selecting so you need to take that 90% with a grain of salt. Still...
Included in the direct costs were hiring IT consultants (69% of the companies), hiring incident response consultants (43%), lawyers (37%), physical security consultants (36%), auditors and accountants (35%), management consultants (35%), and PR and corporate image consultants (24%). The indirect costs are budget you need to spend on additional staff hiring and training, infrastructure upgrades etc.
What worries IT Pros the most regarding data breaches?
The number 1 thing that IT pros and the C-level execs fear is lose access to critical business information.
The second most feared result as the aftermath of a data breach is loss of credibility to the company's name (43%), temporarily losing the ability to trade with other companies (38%), the loss of future contracts (30%), and the costs that come with hiring IT professionals to fix and improve their infrastructure (25%).
Kaspersky's study also shows that only 1 in 5 data breaches make it to the media. What's even worse is that only in 44% of the cases affected clients are informed, 36% of the cases affected suppliers are informed, 32% of the cases all the company's customers are told, and only 29% of the cases local authorities and regulators are contacted.
You can download the full Damage Control: The Cost of Security Breaches from Kaspersky's website. Great ammo for IT Security budget. A whopping 91% of successful data breaches started with a phishing attack, so finding out what your email attack surface is makes a lot of sense. You can do that here for free with the one-time, no-charge KnowBe4 Email Exposure Check: