Data breaches are becoming more common these days and seem to be especially impacting small businesses as hackers shift their focus toward more vulnerable targets, but it seems many enterprises have not likewise moved to keep up with the threats.
Obviously being hit with a data breach will be bad news for a business of any size, but it may be particularly impactful for smaller ones because of the lack of safeguards they may have in place to deal with these incidents that larger competitors might, according to a report from Dark Reading. As such, they may not be fully prepared for the cost that will likely hit their companies after this kind of incident occurs.
One thing that many businesses are not ready for when they think about their data breach preparation is how such an incident will impact them not only in terms of the actual remediation expenses, but also the way it will affect their ability to work normally in the immediate aftermath, the report said. Making sure that there are measures in place to ensure normal business can be conducted will likely be vital to helping companies recover after they suffer such a breach.
“[H]ands down, the biggest cost is loss of productivity, not just with the IT team but all the people who are affected by the systems impacted, especially critical systems,” Vinnie Liu, managing partner for security consulting firm Bishop Fox, told the site. “It has a domino effect, and it is a huge multiplier effect that happens after a breach.”
The bigger concerns
Of course, when businesses worried about their bottom lines in the immediate wake of a data breach, they should be most concerned with the actual remediation costs themselves, as these will certainly carry massive price tags in almost every case, the report said. Whether it’s related to the cost of simply sending out notifications to everyone impacted by the incident, dealing with providing identity theft or credit protection, purchasing new software, updating security systems, or a combination of any of these safety measures, the price tag for suffering such an incident can grow to hundreds of thousands of dollars or more rather quickly, and even in relation to the smallest breaches. This is particularly true for companies which do not have dedicated IT professionals on staff – far more likely to be smaller ones – and thus have to hire outside help to ensure they are fully safeguarded after such an incident.
In addition, companies may be suffering these breaches for extremely long periods of time without even realizing it as a direct result of that lack of security team, further increasing their exposure and potential risk after the initial incident but before discovery, the report said. A recent study by Verizon’s RISK Team found that 66 percent of all data breaches last year went undiscovered for a period of months or more, up from just 41 percent in 2010. About seven out of every 10 of these breaches in particular were not even discovered by the company itself, but rather a third party.
For these reasons, and because they are being more targeted than ever these days, independent company owners may want to try to increase the size of their small business insurance policies to make sure their tech insurance coverage will be adequate to cover their needs if they are victimized by such an incident. Without this kind of protection, a small business’s data breach costs can run extremely high and even be potentially ruinous if companies are not adequately prepared for them.