Cyber security is something that we discuss frequently at Equity, and with good reason. It’s an extremely important aspect for every business now – with significant amounts of data and essential assets being stored digitally – and one that should never be considered lightly.

Unfortunately, many businesses look at the cost of an effective cyber security strategy and attempt to make savings by skipping necessary precautions, without considering the full scope of the costs that could be caused by a data breach. In this article, we’ll take a look at the true cost to your business of a data breach, and why the cost of cyber security measures is rather insignificant in comparison.

 

Financial Cost

 

A successful data breach creates costs in several ways. Some of these costs are measurable, while others depend on the size and status of your business. To put data breaches into context though, here are a few averages to give a better idea of the costs you could be looking at if your cyber security isn’t up to scratch:

  • £25,700 in cleanup costs after a successful cyberattack (of any kind) for small businesses
  • £3.2m average cost as a result of a data breach, across all UK businesses
  • 60% of SMEs that suffer a cyberattack go out of business within the following 6 months

When looked at together, these stats paint a good picture of how costly cyberattacks, and data breaches in particular, are. However, they don’t necessarily take into account all of the costs and issues that arise after a breach.

The following, perhaps less directly measurable, costs are faced by every business that falls victim to a cyberattack. With varying degrees of impact, these can put a significant strain on your company and are some of the main reasons why 60% go out of business entirely.

 

Data Loss

 

An obvious result of a data breach is data loss, but how does that really impact your business? To many, ‘data loss’ doesn’t sound that bad – after all, we all lose documents and emails from time to time. However, in the realm of a company data breach, it’s far more significant than that.

Data that is usually targeted is likely to be crucial to operations, which can make certain functions near impossible to carry out in the same way. In turn, this leads to a whole host of issues including significant clean-up and data retrieval costs along with a number of others which we will discuss further in this article.

 

 

Downtime and Disruption to Services

 

As of 2022, the average duration of downtime after a ransomware attack was 24 days. That’s over 3 weeks where your business is unable to operate normally or provide products and services to customers as you usually would, due to missing data and information.

This cost varies from business to business: depending on your size, it may result in a larger actual cost or may be enough to put you out of business. To understand the cost to your business, consider how it would impact you if you were unable to provide services or handle new sales for even a quarter of your customers for more than 3 weeks.

 

Damage to Reputation

 

It’s not just your existing customer base that might be impacted by a data breach, but also wider audiences and potential new customers too. When you experience a data breach, you are required to notify customers and contacts whose data may have been impacted, and in the digital era, news spreads quickly.

Allowing customer data to be stolen can significantly damage your reputation, which has been shown to increase client turnover rate and can make acquiring new business more difficult; 75% of consumers refuse to buy products from companies they don’t trust to protect their data. If you own a small business, this could have overwhelming consequences that harm your revenue beyond repair.

 

Compliance Failures

 

Data protection and cyber security are governed carefully in the UK by a number of pieces of legislation:

  • UK GDPR
  • Computer Misuse Act 1990
  • Data Protection Act 2018
  • Network and Information Security Regulations 2018

If you fail to protect your data suitably and suffer a breach, you are in violation of these laws and open yourself up to serious punishment, which again incurs costs for your business.

For many of these regulations, you don’t even have to have been affected by a cyberattack – simply failing to implement sufficient security measures is enough to warrant sanctions.

  • UK GDPR – Organisations who fail to comply may receive a maximum fine of £17.5 million or 4% of their overall annual turnover.
  • Computer Misuse Act 1990 – Organisations who fail to comply may receive an unlimited fine or up to a 10-year prison sentence for complacency and aiding in computer misuse.
  • Data Protection Act 2018 – Organisations who fail to comply may receive a maximum fine of £17.5 million or 4% of their overall annual turnover.
  • Network and Information Security Regulations 2018 – Organisations who fail to comply may receive a maximum fine of £17.5 million or 4% of their overall annual turnover.

 

Insurance Costs

 

Every business should have cyber security insurance to help protect against some of the costs that can be incurred.

However, after experiencing a data breach, as with all types of insurance, your premiums are likely to increase depending on a number of factors including the severity of the breach, the financial losses incurred, and importantly, the effectiveness of your response and prevention efforts.

Not only can the cost of your premiums rise, but you could also face higher deductibles and more stringent requirements moving forwards, which could result in a serious increase in cost should you suffer another breach later on.

 

Cyber security isn’t a ‘set and forget’ solution that only requires a little attention. It’s something that demands constant focus and review to ensure that it effectively protects your business against ever-evolving threats. As you can see, the costs can be significant should you fail to prevent an attack, and even more significant should your cyber security measures be deemed insufficient in the first place.

If you would like to learn more about getting your Cyber Essentials Plus certification to help lower your business’s risk by up to 98.5%, click here. Alternatively, if you would like to discuss general cyber security strategy and protecting your business for the long term, speak to one of our experts for free today.