In our connected world, business data breaches are becoming increasingly common and, consequently, increasingly costly. Companies have about a 28% chance of experiencing a data breach that exposes at least 10,000 customer records and results in fines, fees, security costs and lost business revenue. When customer data is compromised in a security breach, the cost to the company is more than financial: a data breach can damage your business’s reputation and ruin customer trust in your company.
Companies must understand the consequences of a data breach so they can take the necessary steps to mitigate their risk and protect their company and customers. This article describes how breaches affect five susceptible areas of a business and offers tips for preventing a devastating data breach.
Table of Contents
- Finances and Revenue
- Stock Price
- Brand Value and Reputation
- Consumer Trust
- Customer Turnover
- How to Prevent a Data Breach
1. Finances and Revenue
With fines, legal fees and settlements, a data breach can be expensive, and the financial impact of a data breach only continues to grow each year. IBM Security sponsored the Ponemon Institute’s 13th annual Cost of a Data Breach study, which determined the global average cost of a data breach was $3.86 million in 2018 — 6.4% higher than in 2017. For companies in the U.S., the cost of a data breach is even more staggering at $7.91 million on average — the highest globally.
The average cost of each stolen or lost record also rose by 4.8% last year, reaching $148 for every record containing sensitive and confidential information. Whether your company has millions of personal records or a small customer database, a data breach that exposes sensitive customer information can be extremely costly for your business. Let’s break down the factors that make a data breach so expensive:
- Regulatory fines: Each state has its own security breach notification laws that require companies to disclose to their customers and other entities when a breach has occurred. If a business fails to comply with these laws, it can receive hefty fines. Companies may also be subject to industry-specific regulations for data security, such as the HIPAA Breach Notification Rule in the healthcare field.
- Legal fees: If a security breach exposes sensitive data, such as your customers’ credit card information or Social Security numbers, your company may be subject to lawsuits, legal fees and settlement fees.
- Security expenses: Following a data breach, companies must often improve their data security by investing in new technology or increasing their IT staff.
- PR expenses: A data breach can do severe damage to your company’s reputation if not addressed appropriately. The aftermath of a security breach often involves increased spending on PR, investigations and marketing to repair your brand image and draw customers back to your business.
- Lost revenue: The cost of a data breach that is perhaps the most difficult to measure is the revenue your company loses when customers decide to take their business elsewhere. While your company can observe the drop in revenue, it is difficult to determine just how many potential sales you lose when customers lose faith in the security of your business.
For small businesses, a data breach can be a death blow, but data breaches are not affordable for large corporations either. According to IBM’s study of 11 security breaches involving one million lost or stolen records each, the cost of a mega-breach could be as high as $40 million.
2. Stock Price
Another cost of a data breach is the impact it can have on a company’s stock value. On top of the added expenses and lost revenue, a security breach that involves customer or consumer information can cause a company’s stock to plummet almost instantly after the breach is disclosed. A 2017 study by the Ponemon Institute tracked stock prices for 113 publicly traded companies that had a data breach. Their research showed that stock prices dropped an average of 5% after the public announcement of a data breach.
However, the study also revealed that this decline in stock price can be recovered quickly if companies take the right actions following a breach. Companies that had a strong security posture before a data breach and responded quickly following a breach saw their stock prices bounce back in about seven days. Companies that responded slowly and had a poor security posture experienced a slow recovery and a bigger drop in stock prices: their stock dropped an average of 4% more than that of companies with a strong security stance and took an average of 90 days to rebound.
What this means for companies is that establishing a strong security policy now can help your business recover more quickly if a data breach occurs in the future. Taking data security seriously and preparing for the possibility of a breach makes your company more resilient.
3. Brand Value and Reputation
Your company’s reputation is a significant yet immeasurable asset. How your brand is perceived impacts your customer attraction and retention, as well as which stakeholders and talent your company is able to win. A company with a poor reputation will not attract top talent and may struggle to find support from investors. If a serious data breach mars your brand’s image, you are likely to lose customers and revenue.
A data breach is one of the top threats to the reputation and brand value of your business. Ponemon Institute’s 2017 study revealed that both senior-level marketers and IT and information security personnel rank a data breach as the number two issue that would harm their brand image — following poor customer service in the number one spot and coming in just ahead of a product recall or environmental incident. Additionally, 71% of corporate communication professionals and senior-level marketers (CMOs) believe that the greatest cost of a security breach is the damage it does to brand value.
How severely a data breach affects your company’s reputation is determined, in part, by the type of data exposed during a breach. Data breaches involving credit or debit card information tend to have a much more severe impact on brand reputation than those involving only email addresses, phone numbers and home addresses. If a breach involves investor data rather than customer information, your relationships with stakeholders may be greatly impacted, while your company’s public reputation remains intact. However, with data breaches receiving a lot of attention in the news and on social media, the reputation impact of a data breach for your company can be severe no matter what kind of security breach you experience.
In fact, how a company responds to a data breach may be even more important for preserving its brand reputation than preventing a breach in the first place. Companies that respond quickly, transparently and effectively to a security breach can earn back customer and stakeholder trust. Unfortunately, too many businesses fail in their response to a data breach by denying responsibility, communicating with customers ineffectively and responding much too slowly. In 2018, companies took an average of 196 days to identify a security breach and 69 days to contain it.
As security breaches become a much more common concern, companies must be prepared to respond immediately and appropriately to save their brand value and reputation from damage. A vital part of preserving company reputation after a breach of consumer data is communicating with customers in an accessible and empathetic way. Companies that focus on addressing customer concerns in an understandable way will recover better from a data breach than those that speak about the issue only in cold and formal legal language.
The reputational damage of a data breach can take a long time to repair, especially if the breach is not managed effectively when it occurs. Large companies with a reliable and trusted brand image often have an easier time recovering from a data breach, while small companies may suffer irreparable damage to their business reputation and value.
4. Consumer Trust
When customers provide companies with their personal information — including addresses, phone numbers, credit card information and more — they are trusting that company to keep their data secure and private. Ponemon Institute’s research showed that 79% of consumers think it is a company’s responsibility to secure their personal information by taking reasonable actions for data protection. However, the study also revealed that just 64% of CMOs and 66% of IT personnel hold the same opinion.
This shows a significant gap between customer perceptions of how well businesses are protecting their data and how much responsibility businesses are actually willing to assume. When companies do not take responsibility for data breaches, customers quickly lose trust in the business. In Ponemon’s study, out of the 51% of consumers who reported being victims of at least one data breach in the previous two years, 65% said they lost trust in the company, and 27% stopped doing business with the company entirely.
Maintaining customer trust is essential for your company’s success for many reasons:
- Customer retention: Customers who trust your company will continue to choose your business over your competition. Loyal customers are the foundation for business success and continued growth in the future.
- More effective marketing: When customers trust your company, they will be willing to provide more details about their lives and interests. These details inform your marketing campaigns to more effectively reach your target audience.
- Greater overall involvement with your business: The more your customers trust your business, the more likely they are to participate in loyalty programs, subscriptions and other opportunities your business offers. On the other hand, if your company has experienced a data breach and broken consumer trust, customers will not want to share their bank account information to register for business credit cards, their email address for subscriptions or even their credit card to make a purchase from your e-commerce site.
Once lost, customer trust can be difficult to earn back. If companies hope to preserve customer trust following a data breach, they must be accountable for protecting private consumer data before a security issue arises. Companies that build strong security and data protection policies before a breach lower their risk of a data breach occurring and also enjoy more customer trust from the start.
5. Customer Turnover
When the reputation of your company takes a hit from a data breach, so does your customer retention. Even the most loyal customers will be hesitant to shop at your establishment after their personal information has been exposed and their trust has been lost.
Customer turnover, also known as churn rate, is an important metric for measuring the health of your business. High customer turnover can damage your company’s profitability and stifle growth. Without a stable customer base, your revenue flow is less predictable. An unstable revenue flow can make it challenging to plan for future growth or build a scalable business plan.
A high churn rate is also associated with decreased total revenue. Loyal customers are likely to spend more each time they shop with your business and invest in additional features of your services. According to a 2018 survey by InMoment, 70% of Millennials and 60% of all consumers will make purchases more often from companies that they are loyal to, and 50% of consumers will purchase more products when they shop.
Loyal customers will also help grow your brand for you — with 75% of loyal customers recommending brands they love to their friends and family members. Without a reliable customer base, companies must invest more time and resources in attracting new customers to make up for those that are lost. Following a data breach that has gained public attention, earning new customers can be even more challenging.
To reduce customer turnover after a data breach, companies should build a secure data posture now to establish their brand as trustworthy. When customers know that your business is taking action to protect their personal information, they are more likely to remain loyal after a security breach.
How to Prevent a Data Breach
Don’t underestimate the impact a security breach can have on your business. From hefty legal fees to loss of customer trust, a data breach can be a major setback for your business that may take years to recover from. Companies of all sizes and in all industries can be the victim of data breaches that have devastating consequences. While preventing a data breach may not always be possible, companies can take action now to significantly reduce their risk of a serious security breach down the road.
Companies can build a strong security posture by implementing a business continuity plan that outlines concrete steps for responding to and managing a data breach if it occurs. According to the 2018 Cost of a Data Breach study, having a data breach response plan in place can save your business an average of $340,000 for each data breach and $13 for each lost or stolen record.
Businesses must also develop a strategic plan to protect customer and company data and monitor for possible security threats to stop a breach before it happens. Effective security software can provide real-time visibility of data security and identify threats more quickly so companies can contain a data breach before it becomes a critical problem. By implementing a data security solution, businesses can easily track crucial incident event data to mitigate risks and ensure data security compliance.
LOGStorm™ from BlackStratus may be the data security solution that your business needs to effectively identify and contain data breach threats. Our reliable and cost-effective log management and monitoring system is designed to protect your company and customer data with unparalleled speed and performance. Learn more about how LOGStorm™ can protect your company from a devastating data security breach.