Research from Kaspersky Lab presents bad news for those concerned about data breaches: They're rapidly becoming more expensive (registration required for report download).
For enterprises, that expense is up 24% from 2017 to around $1.23 million per breach, according to the Kaspersky research report. SMBs saw a larger increase of 36% from 2017, putting the average SMB breach cost at $120K.
That figure doesn't even account for breach recovery, which is a totally separate cost for enterprises and SMBs. In North America, where Kaspersky Lab said recovery costs are the highest, enterprises are looking at $1.6 million for recovery, and SMBs $149K, the report noted.
With costs that high—and rising—it's easy to picture a data breach destroying a company. To understand why a single data breach could cause so much damage, it's essential to understand what a company has to do in response to one, which Kaspersky Lab's report goes into in great detail.
Expenses to consider after a data breach are numerous, including:
- Improving software and infrastructure
- Credit rating drop and increased insurance premiums
- Staff training
- Extra PR to repair brand damage
- Lost business
- Employing external professionals
- Additional wages for current staff working on recovery
- Hiring new staff
- Penalties and fines
The amount spent on those different areas of recovery varies from business to business, but the end result is the same: A breached business spends a lot of money that proper cybersecurity planning could have saved.
Which is cheaper: Prevention or recovery?
The report makes Kaspersky Labs' position on that question clear: Prevention is cheaper.
Kaspersky Lab isn't alone in feeling that way: In the past year, enterprises have increased cybersecurity budgets by an average of 9%, while SMBs have increased theirs by an average of 6%.
SEE: IT leader's guide to achieving digital transformation (Tech Pro Research)
Giving more money to IT security isn't enough, said Kaspersky Lab in its report: IT decision makers need to be given a seat in the boardroom too. Making the best possible decision for digital growth that's secure from the start necessarily includes IT leaders—they're the ones who know how to navigate the minefield of digital transformation and security.
"Business leaders are increasingly understanding that if their digital transformation strategy...is put at risk, so too is the business itself," Kaspersky Lab said in the report. Any business that relies on the internet for marketing, sales, or customer support needs to have a presence that's as secure as it is easy to use.
At the end of the day, it all boils down to answering that question: Is it cheaper to recover from a data breach or prevent one from ever happening? The costs of both may be high, but it's clear what Kaspersky Labs is trying to get across in the report: Prevention is always worth it.
The big takeaways for tech leaders:
- The average cost of a data breach has risen by 30% since 2017, with enterprises expected to pay around $1.23M per breach.
- Breach recovery expenses can be avoided by giving IT leaders decision-making roles in digital transformation and by increasing cybersecurity budgets.
- Special report: The future of Everything as a Service (free PDF) (TechRepublic)
- Ahead of GDPR, UK fines University of Greenwich £120,000 over data breach (ZDNet)
- 2017 was 'worst year ever' in data breaches and cyberattacks, thanks to ransomware (TechRepublic)
- Lack of funding exposes US federal agencies to high data breach risks (ZDNet)
- 8 steps to take within 48 hours of a data breach (TechRepublic)
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.