When a company compromises your data, the impact this may have on the company itself is likely the last thing on your mind. Even so, the lingering effects of a cybersecurity breach will plague companies long after you have reset your Netflix password. Organizations suffering a data breach incur huge costs, often paid for by the customer. Whether you are a manager in an organization or just an average consumer, cybersecurity breaches cost you money. The question is, how much?
A cybersecurity breach is a security incident that results in unauthorized access to an organization's sensitive information. Cybercriminals use a diverse array of methods to gain access to information systems. In 2022, cybercriminals most commonly gained access through compromised passwords and phishing scams.1
The U.S. tops the list for data-breach-associated costs, with a staggering $9.44 million per breach. On average, data breaches in the U.S. cost companies about $5 million more than their international counterparts.1 While the financial implications are the most obvious, the costs of a data breach can best be broken down into direct and indirect costs.
Direct Costs Of Cybersecurity Breaches
Direct costs refer to the specific dollar amount it costs an organization to clean up a data breach. Think about a data breach like an oil spill. Direct costs would be the total dollar amount the oil company must pay to clean up the spill, investigate the cause and fix the weak point in the system. This would also include any fees or penalties the company might be forced to pay.
No matter the industry, the direct costs of a cybersecurity breach are best understood as a two-step process. First, you must pay to clean up the mess you are in today. Second, you must pay to fix the vulnerabilities so your company has a plan for tomorrow.
Clean Up Today
The longer it takes to find the source of the breach, the more the company will pay in the long run. In 2022, the average detection time for the source of a breach was about nine months.
Breaches involving stolen or compromised login credentials had the longest average detection time. Cyber breaches along this avenue were not detected for an average of 327 days, costing companies $150,000 more. Conversely, companies that identified and contained the leak in less than 200 days saved an average of $1.12 million.1
Plan for Tomorrow
Another direct cost of a cybersecurity breach is fixing the problem so it doesn’t happen again. Adages about preparedness have become a cliché for a good reason, and companies that fund cybersecurity found significant savings in the long run. Developing and testing a quality incident response plan is essential. For example, IBM found organizations that test their incident response plans saved $2.66 million on average.1
Indirect Costs of Cybersecurity Breaches
Indirect costs, on the other hand, are not as easily quantified. A publicized data breach can damage your company’s reputation, relationships and productivity.
When your company experiences a data breach, its reputation suffers. A simple web search for “Equifax” reveals how closely a brand can be associated with a cybersecurity failure. In this case, the damage done to the brand is incalculable but consequential. You want to avoid new or existing customers associating your company’s brand with cybersecurity failures.
Data breaches also hurt your organization's relationships. Both customers and potential business contacts could develop a poor opinion of a company based on data breach issues. In one survey, 87% of respondents said they would be wary of doing business with a company if they felt the company needed to do more to protect customer data.2
A cybersecurity breach can be a big wrench in the machinery of your organization. Information systems may be unavailable to employees. Time and resources must be directed to data breach remediation, making profit margins thinner. On average, about 38% of the total cost of a data breach is related to loss of productivity.3
Broader Responses to Cybersecurity Breaches
The increase in cybersecurity breaches from year to year has had wide-ranging effects. Data breaches have contributed to decreased consumer confidence, which hampers economic growth at every level.
A recent survey asked consumers whether or not they believe most companies handle their sensitive personal data responsibly—only 25% agreed in the affirmative.2 This lack of consumer confidence contributes to a lack of investment. While major corporations may be able to weather the storm of consumer confidence following a security breach, 60% of small businesses don’t last six months.4
In order to meet this challenge, organizations are looking to those with advanced cybersecurity education. Unfortunately, the supply of qualified workers is not keeping up with demand. One report found that the cybersecurity industry added 464,000 workers last year.5 At the same time, roughly double that number of workers were needed. The same study found a cybersecurity workforce gap of almost 3.5 million worldwide. Graduate degree programs in cybersecurity have risen to meet this expanding problem. This is a rapidly growing field with a median salary of $135,000 in the U.S.5
A Path Forward
When your personal data is compromised, it’s hard to care how it will affect the company that allowed this to happen. In reality, the costs organizations incur from cybersecurity incidents are passed along to consumers, so no one is immune to this broader economic impact. Since you’re already involved in the problem, why not become part of the solution?
If you want to protect people from cyber criminals while jumping into one of the fastest-growing tech fields, you should consider completing a master’s degree in cybersecurity. One highly-acclaimed program is the online Master of Science in Cybersecurity from Katz School of Science and Health. At Katz, you can earn your degree online with an affordable fixed tuition rate and join the 95% of graduates employed within six months of graduation.
Connect with an Admissions Outreach Advisor to learn more.
- Retrieved on June 9, 2023, from ibm.com/reports/data-breach
- Retrieved on June 9, 2023, from pwc.com/us/en/advisory-services/publications/consumer-intelligence-series/protect-me/cis-protect-me-findings.pdf
- Retrieved on June 9, 2023, from bitlyft.com/resources/the-true-cost-of-a-security-breach
- Retrieved on June 9, 2023, from cybersecurityventures.com/60-percent-of-small-companies-close-within-6-months-of-being-hacked/
- Retrieved on June 9, 2023, from isc2.org/-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ash