Scary news stories about massive data breaches and even bigger fines seem to be more and more common these days, with Dixons Carphone the latest big business to fall victim, in a breach which involved 5.9 million payment cards and 1.2 million personal data records. The financial and reputational implications are likely to be significant for Dixons, despite the fact that the breach happened before the implementation of the GDPR, which promises huge fines for data breaches such as these.
So, what are the potential costs faced by businesses such as Dixons who suffer a data breach in 2018? We take a look at the direct and indirect costs in our latest article.
A 2018 study by IBM Security and the Ponemon Institute on the hidden costs of a data breach, based on interviews with nearly 500 companies who had suffered a data breach, found that the average cost of a breach increased globally by 6.4% in 2018, up from $3.62 million in 2017 to $3.86 million.
The average cost of a data breach per compromised record was $148, and organisations took 196 days on average to detect a breach. Overall, ‘the total cost, per-capita cost and average size of a data breach (by number of records lost or stolen)’ all increased in 2018.
The study found that a ‘mega breach’ (defined as a breach involving 1 million compromised records), such as the breach suffered by Dixons Carphone, could cost a company as much as $39 million.
The GDPR, which was implemented in May 2018, will impose fines of up to 20 million euros or 4% of annual global turnover (whichever is greater) for companies who fall victim to a data breach. This is a huge incentive for businesses to be extra vigilant when handling the data of their customers and clients, as a data breach in 2018 carries the very real risk of bankruptcy.
One of the most significant costs of a data breach is actually an indirect cost. A company’s reputation is priceless, and is often built up over years of trust and brand building. However, one high-profile data breach, such as those suffered by Yahoo and Equifax in the past, and Dixons Carphone more recently, can severely damage even the most spotless of reputations.
Research has revealed just how damaging a data breach can be to a business’s reputation, with up to a third of customers in retail, finance and healthcare claiming that they will cease to give their custom to businesses who have been breached. Likewise, the 2018 IBM study found that for 90% of CEOs of businesses who had been breached, ‘rebuilding commercial trust among stakeholders after a breach’ has been one of the most difficult challenges they have faced. Elsewhere, 46% of breached organisations feel that they have suffered damage to their brand value and reputation as a result of a data breach.
Another hidden cost is often the downtime a business experiences when a data breach is detected. When a business’s expensive firewalls and defences are breached in a cyber-attack, it can result in damaging downtime, costing as much as £6,000 per minute on average.
With over 22 years’ industry experience, EOL IT Services are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally.
Contact us today on 0845 600 4696 or visit https://www.eolitservices.co.uk/services/it-asset-disposal/ to find out how we can help you dispose of your data safely and reliably.