dcsimg
 
 
 
 
 

12 Key Facts About the True Costs of Data Breaches

 
 
By Gina Roos  |  Posted 2016-02-02
 
 
 
 
 
 
 
 
 
  • 1 of
  • Previous
    1 - 12 Key Facts About the True Costs of Data Breaches
    Next

    12 Key Facts About the True Costs of Data Breaches

    Organizations can reduce the cost of breaches when they have the right processes and protections in place to minimize exposure, a new study concludes.
  • Previous
    2 - Biggest Breaches
    Next

    Biggest Breaches

    The root causes of the breaches were hacking/malware (35%), unauthorized access (27%) and physical theft (23%).
  • Previous
    3 - Financial Losses
    Next

    Financial Losses

    31% of companies estimated their post-breach costs ranged from $1,000 to $100,000; 31% said losses were more than $1 million; 27% reported losses from $500,000 to $50 million, and 23% experienced losses from $100,000 to $500,000. Only 8% said costs were greater than $100 million.
  • Previous
    4 - Data Protection Benefits
    Next

    Data Protection Benefits

    81% of companies had a data classification program prior to breaches, keeping the cost of clean-up low for the majority of companies.
  • Previous
    5 - Detection to Remediation
    Next

    Detection to Remediation

    Slightly more than 23% of companies needed one day to one week, one week to one month, and one to three months to fully remediate breaches. 38% said it took three months or longer to fully remediate their breaches.
  • Previous
    6 - Lingering Impact
    Next

    Lingering Impact

    Less than 35% had no lingering effects after remediation, while 4% don't know of lingering effects. The remaining respondents experienced effects for one month or more.
  • Previous
    7 - Customer and Reputation Costs
    Next

    Customer and Reputation Costs

    62% of companies had to notify customers, while 64% said their breach did not receive media attention.
  • Previous
    8 - Post-Breach Services
    Next

    Post-Breach Services

    Sensitive financial data was breached in 42% of the breaches; 27% of those companies still pay for credit monitoring services, 23% for information hotlines and 19% for credit card reissuance fees.
  • Previous
    9 - Post-Breach Costs
    Next

    Post-Breach Costs

    50% of companies used in-house services only, while 46% used a combination of in-house and third-party services and 4% relied on external consulting support.
  • Previous
    10 - Legal Counsel
    Next

    Legal Counsel

    73% of companies also used internal counsel, while 19% hired outside counsel that specialized in post-breach services.
  • Previous
    11 - Cyber-Insurance
    Next

    Cyber-Insurance

    More than 50% of companies said cyber-insurance was not applicable because they did not have a policy (28%) or they were self-insured (28%). Additionally, 16% said their total losses were covered, while 12% said losses were only partially covered.
  • Previous
    12 - New Tools and Controls
    Next

    New Tools and Controls

    58% of companies invested in new tools for forensics and data recovery as part of the breach response, priced from $3,500 to $300,000. More than 70% also added a mix of administrative, physical and technical controls.
  • Previous
    13 - Be Prepared
    Next

    Be Prepared

    Pre-breach recommendations: catalog major business processes; identify processes that handle critical or sensitive data; create an access control system; identify what assets hold or carry that data; determine what data is likely to be stolen, and determine the types of disruptions.
 

Recovering from a breach typically doesn't end with remediation. Lingering impacts, particularly if sensitive financial data is breached, can last from several months to several years, according to a new survey conducted by the SANS Institute and security vendor Identity Finder. The study, "Cleaning Up After a Breach, Post Breach Impact: A Cost Compendium," finds that the biggest breaches target personal information, followed by identity and financial information. Not only does the lingering effect cause financial losses due to the need for credit monitoring, information hot lines and credit card reissuance fees, it also can have an impact on brand reputation, sales/revenue, stock prices and customer churn. The survey also revealed that the biggest impact on the cost of post-breach activities includes disruptions to daily work, time to fully remediate, media attention and compliance violations. However, the study finds that organizations can reduce the cost of breaches when they have the right processes to handle post-breach activities and data protections that minimize exposure after a breach occurs. Here are key takeaways from the analysis.