Naked Security Naked Security

What’s the actual cost to a business of a data breach?

It's hard to measure the actual financial cost of a breach, never mind the hit to a company's reputation

Cisco has released the 10th of its annual cybersecurity reports, leading some publications to scream that security breaches can cost businesses 20% of their annual turnover.

If you burrow into the headlines, however, it becomes apparent that only a third of the companies questioned in the (admittedly substantial) survey claimed such a loss. Other reports place the value much, much lower – but nobody is denying it’s a problem or that it’s increasing.

The Cisco survey takes in 3,000 respondents at chief executive level. It found that 50% of companies face public scrutiny after a breach, leading to reputational risk, and 20% reported that they lost customers as a result. Additionally, 23% of them had identified lost business opportunities from prospects as a result.

Budget constraints, incompatible systems and inadequately skilled staff were the main reasons for breaches, the company said. Detection of breaches, however, had sped up considerably, offering some source of cheer.

The overall cost of a data breach is harder to pin down. A third of companies told Cisco they’d lost 20% of revenues following an incident, whereas other reports disagree. IBM‘s report on the cost of a breach says the average consolidated cost of a data breach had moved from $3.8m to $4m in the last year, although it doesn’t break this down as a percentage of sales. Meanwhile Bluecoat said that whatever the numbers, companies were anticipating fewer breaches this year than they had last year.

The exact value of a breach is all but impossible to calculate. Only yesterday we had an instance in which third-party forums for Xbox and Playstation had their data compromised (reported in our News in Brief section); those forums will never know how many people were considering signing up but will now not do so.

In the same way, companies in the Cisco survey confirmed that they had lost prospective customers but they can’t know about instances in which they had fallen off the shortlist prior to contact.

The only thing most of the estimates, no matter what substantiations they use, agree on (with Bluecoat going a little rogue) is that data breaches are growing – and the results aren’t pretty.

Leave a Reply

Your email address will not be published. Required fields are marked *