When examining the importance of cyber security, you must first consider what a data breach would cost your business. Your Chief Financial Officer could probably estimate what a production shutdown would cost. But what about the harder-to-quantify costs, such as loss of reputation, or employee morale? Has your business ever attempted to calculate those potential losses? Or even thought about them? Here are 12 risks to consider so that you can more accurately calculate the likely costs of a data breach.
Business Loss from a Cyber Security Breach
Loss of business may be the most frightening part of a data breach. The best way to estimate its impact is to calculate potential losses at the most granular level possible, in as many ways as possible.
- How long will a data breach keep you from operating? What is your expected per-day loss?
- Will you lose contracts or customers? How much does each customer contribute to your revenue?
- How is each of your contracts structured? Is there an opt-out clause your customers can execute if you suffer a data breach?
Our cyber security team can help you avoid cyber attacks and minimize the disruption from a data breach with our Cloud Support, Backup, and Recovery Services.
Reputation and Brand Damage
Make no mistake, your brand reputation will be damaged after a data breach. Quantifying its impact on revenue will be difficult, so it might be helpful to create “Worst Case,” “Likely” and “Best Case” scenarios, each showing different levels of impact to your bottom line.
- Will a crisis communications consultant be needed to communicate with the media? How much will that cost?
- To repair brand damage, will you need to hire a PR firm? How long will you need it?
- Will additional marketing be required to replace lost customers? Will it take longer to find new customers?
- How long will the stigma of the breach stay with your company?
Trust from Vendors and Partners
Every business needs partners and vendors to help it achieve its goals. But how will yours react to the news of a data breach?
- Will existing partners terminate their relationship with your company?
- Might vendors require shortened payment terms, impacting your cash flow?
- Will you be able to replace existing vendors with new ones?
- Will it be more difficult to get credit?
Notifications and Mailings to Consider
All 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have laws that require private entities or government agencies to notify individuals who have been impacted by breaches that compromise their Personally Identifiable Information (PII).
- Do you know the notification requirements and exclusions for states in which you do business?
- Does your industry require that customer notifications be sent?
- Do you know the penalties you may be assessed for a data breach?
- Can you notify affected customers via email or USPS mailing?
- How many notifications will need to be mailed?
Employee Morale and Recruitment
A data breach can have a significant impact on your workforce’s morale, and that impact could be invisible to company leadership. It’s important to be transparent and honest with your associates because they’re the ones who make your company work.
- Will short-term breach expenses force staff reductions?
- Will hiring new or replacement talent be more difficult and slower?
- Might you lose employees due to loss of credibility?
- Will a lack of communication with your employees do even more damage?
Legal Repercussions of a Data Breach
Since a data breach exposes your organization to liability, you will need additional legal counsel.
- How many data records could be breached in a worst-case scenario?
- How many breached customers will likely sue?
- Will you settle out of court? If so, what will the settlement costs be?
- Will there be class-action lawsuits?
Examine Insurance When Considering the Importance of Cyber Security
Insurance considerations are crucial when assessing the importance of cyber security.
- Will your business insurance premiums go up? If so, by how much?
- Do you have cyber insurance coverage?
- Does your cyber insurance cover both first-party and third-party liabilities?
- Does your policy cover breach-related costs? Which costs are not covered?
Consider Regulatory Fines, if Applicable
Many federal cyber security laws impose penalties on businesses that fail to protect customer data.
- Do any of these regulations apply to your business?
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Gramm-Leach-Bliley Act (GLBA)
  - Federal Information Security Management Act (FISMA)
  - General Data Protection Regulation (GDPR)
  - California Consumer Privacy Act (CCPA)
  - Payment Card Industry Data Security Standards (PCI DSS)
- If you are a publicly traded company, could the SEC fine you?
- Do you know cost-per-record fines for violated statutes?
Investors and Shareholders
Businesses exist to serve their customers and make money for their owners. After a breach:
- Might investors divest their ownership shares?
- Will sell-offs impact your market capitalization?
- Will acquiring new investors become much more difficult?
Consider Credit Monitoring When Assessing the Importance of Cyber Security
- Are you required to provide credit monitoring to affected customers? For how long?
- How much does credit monitoring for each customer cost?
Security Software & Services
The data breach exposed flaws in your IT environment. So, you will need to fix them and improve your cyber security to remain in business.
- After a breach, will you need to purchase and maintain additional security software?
- Will you hire internal security experts or use an outside firm?
- What will the added security costs be?
A cyber attack will damage your personal brand credibility, even if you are active in professional communities. Do not overlook this risk when considering the importance of cyber security.
- Will you still be invited to industry speaking opportunities?
- Might professional organizations distance themselves from your company?
- Will others still view you as an expert in your industry?
Talk with Us About the Importance of Cyber Security
We hope these considerations have helped you realize the importance of cyber security. Now, it is important to have deeper, more meaningful discussions about your company’s cyber security risk to illuminate the potential costs you might face after a data breach. After considering the risks and costs, it's important to have a confidential conversation with our award-winning security team to help you dramatically minimize your risk of disruption from data breaches. Our goal is to help every client achieve the highest degree of security and the least amount of risk their organization can afford. Please contact us to get started!