The true financial costs of a security breach


IT security is critical to protecting those elements of business that you work so hard to secure – goodwill, a solid reputation and consumer trust (as well as avoiding the things that can threaten to damage your company irrevocably, such as bad publicity that endures). Looking beyond these business risks, there lies a wealth of data that provides a window into the true financial costs of an IT breach – and if we begin with the fact that UK businesses faced costs of £29bn from cybercrime in 2016 alone, we come to realise that never has the threat of cyberattacks loomed so large on the horizon for UK companies (ITGovernance).

The (staggering) costs of recovery

Whilst many businesses still consider robust security as simply an unnecessary or overinflated cost, the alternative is what can be truly costly. For UK SME’s, the average malware attack represented a bill of £10,516 in time and money spent following a breach. What makes this figure even more staggering, is the fact that two-thirds of all UK businesses have been impacted by a cyber breach in the last twelve months alone (Government). For large UK companies, the costs of recovery have averaged out to £4.1 million.

When looking to the transnational brand names, we also see that no company is immune to the potential of an attack. TalkTalk faced a £60m recovery bill (that’s notably still rising), in addition to a fall in their share price of 30%; not only this, but the brand’s profits are down as they’ve battle to stem the flow of a mass exodus of customers (to date over 100,000 customers have left TalkTalk).

Across the Atlantic, retailer Target were forced to build an entirely new cyber centre – a move that was inevitable following $118 million in lawsuits filed by banks, card issuers and customers after 40 million credit card numbers were stolen.

Facing regulatory fines (and the bad press that accompanies it)

As of 2015 the UK Government reported that they’d collected a record breaking £1.4bn in regulatory fines (each of which had a maximum of £500,000 [pwc]). Yet even these figures may soon just be the tip of the iceberg, as EU GDPR legislation is set to come into effect as of 2018, with estimates that UK companies could then be stumping up as much as £122bn.

Whilst these figures are incredible, there’s a cost that accompanies them that isn’t directly monetary – and that’s the loss of goodwill. Put simply, the bad press that comes along with such fines can be nothing short of business breaking. For more insight into the business implications of a breach outside of financial costs, read last our previous blog: The business risks of a cyber breach.

The potential for business closure

In some cases, the costs of a security breach are untenable. Code Spaces, Nirvanix and MyBizHomepage are all prime examples of companies that folded due to security breaches. Notably, the latter company was once worth $100 million – and despite a $1 million attempt to right the wrongs of the breach, the company still folded. What’s more it’s not merely financial gain that attackers set their sights on, as was the case with Ashley Madison (the extramarital affair ‘hook-up’ website), the result of which has been many a divorce case (and a situation that many experts predict Ashley Madison won’t wriggle out of).

What next?

We help businesses of all shapes and sizes in protecting their vital IT assets. For a consultation with our team as to how we can help protect you from a cyber breach, simply get in touch for a free, no-obligation conversation. Alternatively, our free downloadable guide offers more insight into avoiding (and surviving) a cyber-attack.