The 4R’s of a data breach.

August 28th, 2018
What is the actual cost of a data breach?

So, a data breach has occurred, and you don’t have cyber insurance. What will you do and how much will it all cost? This is often a question that people struggle to answer as it isn’t something that many people will have considered before about there business. There are a range of factors that will impact on the cost of a breach/ attack.

The first cost is- response

How will you respond to a data breach? Often businesses will have to use an IT specialist to help them respond to the problem quickly and limit the damage that has been done already. IT specialists can become costly often charging by the hour and with unknown time spent on containing a problem you can see how costs climb. Even if you have an in-house IT team there is still a time cost that could have been spent doing other things.

The next cost is less direct – reputation

The reputational damage that a breach can do may not be a direct and may not be obvious, but this is the cost that will have a long-term impact on the business. It may have an immediate impact with a loss of return customers or even the loss of a contract depending on your type of business. this will have an immediate impact on your cashflow. But long term it may have caused such reputational damage that people are reluctant to use your business which may cause cash flow problems. However, this will be dependent on the level of the breach and how quickly the issue was solved. It may be that an attack is resolved quickly and there was no loss of data or business interruption in which case the reputational affects will be limited and possibly unnoticeable.

The third cost is- restoration

The restoration costs are the costs associated with getting the business back into the position it was before the breach or attack. These can include the costs of the business interruption and the notification costs of letting clients know about the breach or attack. Along with this are the cost of getting the business operational again. If a ransomware attack locks you out of your documents and files it is the costs associated to getting the documents back, whether it be you pay the ransomware or have to pay an expert to come into the business and help unlock the files.

The final cost of a breach or attack is- regulatory

Are you going to be subject to a regulatory penalty as a result of the attack/ breach? Penalties from the regulators can reach up to €20 million or 4% of turnover whichever is greater. Regulators have the power to cripple businesses with penalties should they not live up to the new standards under GDPR. Businesses now have an onus on them to ensure the safety of the data they hold and try to protect it. Data that is no longer useful must be destroyed and you must display a legitimate interest in the data that you hold or have permission to hold that data from an individual. It is these small obstacles that will trip a business up and mean that regulatory penalties maybe incurred.

Cyber insurance– Protection after a data breach

All these costs can be covered by a policy that means should a breach/ attack occur you won’t have to worry about the costs of each of the factors. Cyber insurance can cover each cost and provide you with immediate access to some of the best cyber specialists in the country that can limit the damage done to the business. You can also get access to a PR team that will help you should you feel it necessary this will help you to limit the reputational damage.

Back to article