How Much Does a Security Breach Cost?

Can your business afford a $3.86 million security breach? Unfortunately, that was the average cost of a data breach in 2020. In addition to steep financial losses, companies risk tarnishing their reputations, losing valuable investor and customer loyalty and incurring high legal fees if they’ve failed to maintain data compliance.

Learn more about the real costs of company security breaches and what you can do to minimize your risk of attack.

What Is the Average Cost of a Security Breach?

The average cost of a security breach depends on your industry, the nature of your business, the data you house and the extent of the breach. Typically, a data breach costs about $242 per compromised record.

Data breaches come in all shapes and sizes and aren’t always a result of ransomware or a malicious attack on your systems. They also occur when someone gains unwanted entry into a secure room or intercepts confidential information, or when an employee neglects to follow all security procedures. They can happen when your system or business front is vulnerable, such as during extensive company changes, moves or natural disasters, or whenever a system is left unprotected by the right cybersecurity tools.

During a breach, companies lose money, and attackers may access private client and business information.

  • Personally identifiable information: PII includes names, addresses, phone numbers, Social Security numbers, birthdates, legal ID numbers and personal health details.
  • Financial information: Attackers can learn private banking data about you, your employees and your clients.
  • Classified information: Classified information may include government documents, business contracts and blueprints.
  • Security codes: Some attacks may harvest passwords, entry codes and other priceless information that hackers can use against you in even costlier ways.

Cybercriminals don’t only target large companies — small businesses are also at risk. The average cost of a data breach for small businesses in 2019 was $200,000. Considering more than half of all small businesses experience a data breach each year, and only 40% of small businesses operate at a profit, a cyberattack could mean the end of a dream.

What's Behind the Average Total Cost of a Data Breach?

Data breaches are increasingly common and have long-lasting effects. When considering the total cost of a data breach, the first and most obvious loss is financial. Businesses of all sizes spend a fortune in legal fees, compliance fines, lawsuits, client reparations and costs to repair damages and bolster security. But don’t discount the extensive loss that can also come to your company’s reputation and brand value. A ruined company image can be just as devastating as the financial ramifications.

Let’s break down what happens after a data breach to better understand the harmful aftereffects it can have on your company.

Fines and Legal Costs

Legal costs incurred might include attorney fees, regulatory fines and class-action lawsuits. All lawsuits and settlements — including those imposed by the state or the individuals affected — require an attorney, and you’re responsible for covering all legal fees and the ongoing cost of their time. Companies in some industries, such as financial and health care institutions, may also face regulatory fines if they fail to meet compliance standards to protect consumer or patient data.

Some states have laws requiring companies to notify consumers affected by a data breach, and failure to do so could result in further action. Depending on the state and specific case, you may face penalties for each breached record or the incident as a whole.

Though all organizations risk costly legal fees and fines, some of the most expensive breaches occur in these industries: 

  • Health care 
  • Financial
  • Government
  • Education
  • Business
  • Energy
  • Pharmaceuticals
  • Technology
  • Industrial
  • Services
  • Entertainment
  • Transportation
  • Retail

Fines are another significant cost for data breaches, regardless of industry. After the 2017 Equifax data breach, the credit reporting company agreed to pay at least $575 million, on top of the cost of fixing the framework issue that left user information vulnerable. A judge ordered them to pay an additional $7.75 million, $18.2 million and $19.5 million in 2020, on top of $2 million in legal fees. 

Financial institutions aren’t the only ones paying out millions for breaches — a health system in Miami faced a $2.15 million fine for ongoing HIPAA violations.

Reputation Damage

Perhaps just as costly as legal fees and fines is the damage a data breach can inflict on your company’s reputation. Business reputation is so paramount that 90% of customers refuse to do business with a company if it has a negative reputation or bad reviews. Since more than half of consumers research businesses before contacting them or making a purchase, your organization needs to do everything in its power to protect its public image and let potential customers know their information is safe.

A damaged reputation can also interfere with possible partnerships and expansion opportunities. If your business relies on investor support or hopes to in the future, a significant data breach or injured reputation could set off a negative chain of events.

Lost Brand Value

Customer loyalty is a critical part of building brand value. It’s more cost-efficient to retain existing customers than to attract new ones, and return customers can be your brand’s most significant asset.

When a customer is loyal to your brand or company, they are more likely to:

  • Recommend your business, service or product to others.
  • Leave a positive review on a public forum.
  • Do business with you again.
  • Give you valuable insight into how to improve your business or product.
  • Attend and advertise events and promotions.
  • Try new products or services when released.

Building a strong brand with loyal customers takes diligence and care, especially concerning their personal information. A data breach exposing financial information or PII can cause even your most loyal clients to take their business elsewhere.

How to Reduce the Cost of a Data Breach

Though the costs and fallout of a security breach are undoubtedly steep, there are ways to reduce your business’s losses and minimize the likelihood of experiencing a cyberattack in the first place. By taking a few preventive steps and investing in the right equipment, you can set your business and team up for lasting success against potentially devastating data breaches.

Create a Data Breach Plan

Have an Incident Response Plan

An incident response plan is a pre-established order of procedures your company should implement to prepare for a security breach. Company leaders can give employees and departments specific escalation instructions when they detect a threat, and the members of your incident response team can quickly isolate and deal with the issue before it can grow any larger.

Follow these tips to create an incident response plan for your organization.

  • Gather the right team: Your incident response team should include security experts with experience in detecting, managing and correcting cybersecurity concerns. Invest in quality training for your existing IT professionals, outsource to a third party or hire additional employees if necessary.
  • Identify your threats: Consider your most significant data threats and create a specific plan that deals with them before moving on to less likely scenarios. For example, health care institutions may want to focus on strengthening their response to HIPAA violations, while a retail store might be more concerned with encrypting online payment methods.
  • Involve the entire organization: Efficient cybersecurity involves everyone’s cooperation, from entry-level professionals to top-level management. Your incident response plan should be specific, so everyone knows their role in protecting your organization’s data and the steps they need to take during an incident. You should also incorporate regular feedback from all members of your organization and use it to inform ongoing training and plan adjustments.
  • Prepare for the worst: Some problems are too extensive or unexpected for even the most organized incident response teams. That’s why you also need a disaster response plan, so your company can bounce back quickly if ransomware or a similar threat leaves your data inaccessible.

Invest in the Right Technology

Investing in cybersecurity technology could mean the difference between a security threat and a security breach. A few common examples include cloud technology and security software.

Cloud technology is a virtual storage method that can protect your data from on-site threats, like natural disasters and access control issues, and it can be enhanced by things like virtual firewalls for extra protection. You can also use the cloud to automatically back up your data instead of relying on storage hardware or portable media, which are more susceptible to damage or compromise.

Security software, including anti-virus and anti-spyware, should be active and up to date. Check for patch releases and do not allow your license to expire before annual renewal.

Get a Security Audit

A third-party IT expert or cybersecurity organization can conduct a security audit on your business and its existing security systems to identify weaknesses and help you take steps to fix them. These audits give professionals a chance to analyze your potential threats and pinpoint which parts of your business could be most vulnerable in the event of a cyberattack. They can help you prioritize your incident response plan and tailor your response to fit each unique scenario.

Security auditors are also more aware of industry trends and emerging cybersecurity threats. They have access to the latest technology and insights to optimize your cybersecurity and strengthen your organization’s defenses. How often you participate in a security audit depends on your goals. Some organizations rely on an audit to ramp up cybersecurity efforts, while others enjoy the peace of mind that comes with annual checkups.

Enroll in a Data Breach Insurance Plan

Data breach insurance can protect your organization’s finances and help you recover more quickly if you experience a data attack. You can purchase insurance plans that explicitly cover data breaches or enroll in a more comprehensive coverage plan that addresses multiple cybersecurity threats, sometimes called a cyber-liability policy. Paying into an insurance plan can be far less costly than the total data breach cost your company may face.

Depending on the policy, your cybersecurity insurance plan could include coverage for:

  • Lost revenue.
  • Legal fees.
  • Compliance fines.
  • Hardware and software damage.
  • Investigation costs.
  • Data restoration.
  • Ransomware extortion payments.
  • Customer notification costs.
  • Public relations assistance.
  • Regulatory penalties.
  • Some post-disaster assistance.

Since every organization’s cyber-needs and budget are different, you should research all your options before investing in an insurance plan. 

How Much Does Cybersecurity Cost?

Now that you know more about the threat of data breaches, how much a breach costs and how you can protect yourself against them, you’re probably wondering about protection costs. After all, if the goal is to spare your company from expensive losses, you don’t want your cybersecurity plan to be equally costly. Fortunately, technology has made cybersecurity options more accessible and customizable than ever before, so you can find the right combination of software and equipment to fit your needs and budget. Every investment you make into your company’s cybersecurity pays for itself quickly by offering peace of mind and protection against even costlier attacks. 

There are also many cost-efficient and even free methods of strengthening your company’s existing cybersecurity plan.

  • Training your employees: Engage in regular employee training to instruct your staff on recognizing cyber-threats and signs of a potential breach. Have a thorough escalation plan in place, so concerns reach the right person or department quickly enough to isolate the issue. Employee training should also include tips for password selection and guidelines for device security or building access where applicable.
  • Clearing or tossing unused devices: When recycling old devices or giving new employees a pre-used company phone, computer or tablet, be sure to manually reset and wipe all information and data beforehand. When devices are too outdated to work, or your company outgrows the need for them, recycle them at an e-waste center instead of leaving them around the office where they are vulnerable to unwanted access.
  • Conducting thorough security checks: Conduct thorough background checks and always confirm references with every new hire, third-party contractor or other partnership that has access to any of your company’s secure information, passcodes or data.

Reduce Your Company's Risk With Help From PCS

Do worries about your company’s cybersecurity keep you up at night? We get it. Security breaches can have costly, lasting effects on companies of all types and sizes. That’s why we strive to be the most helpful IT company in the world — because your business and peace of mind depend on us. 

Our IT services include:

  • Data backup and protection.
  • Helpdesk support.
  • Computer tech support.
  • Mobile device management.
  • IT, server and network management.

We help clients across industries take control of their cybersecurity and get the assistance they need when they need it. We customize all support to fit your specific business and needs, with more than 100 experienced IT professionals on standby to guide you through the process. Contact our team to learn more and start implementing your hassle-free security today.

Unhappy With Your IT Provider? 9 Things to Ask an IT Support Company

Not all IT providers are created equal. Maybe your company has had the same provider for years, making it easy to renew that contract without much thought. But IT support is an essential service that can have a major impact on your business’s operations and reputation. Take the time to review your current IT service provider to determine if you are getting the service you need at the quality and price you want.

If you aren’t 100% happy with your current provider, it’s time to make a change. Knowing the right questions to ask an IT support company is an important first step in picking the right partner.

1. What Experience Do You Have in My Industry?

All companies need IT services, so any IT support provider should be able to offer those services, right? While many companies will have you believe that, your provider should have proven experience relevant to your industry.

Why does industry-specific experience matter? You want to work with an IT company with a knowledge of:

  • Operations: IT needs can vary from industry to industry. Whether you are looking for general support or assistance on a specific project, you want to know that your IT provider understands how operations in your industry work.
  • Challenges: The challenges in healthcare, for example, will be different than the challenges in architecture. Your IT partner is supposed to help you solve challenges, and that process is a lot easier when that partner has experience solving industry-specific obstacles.
  • Risks: Different industries face different IT risks. For example, some industries are primary targets for cyberattacks. Others may have different risk priorities. Do you want an IT support provider that knows those risks or a provider that applies the same risk categorization to all industries?

Ask your potential IT support provider to share insight into the industries they serve. You can also ask if the IT support company has earned rankings or awards relevant to your company’s sector. If the provider does not have any experience, consider moving on to another option.

2. What Support Is Included in the Contract? What Isn’t Included?

If you want to know what to look for in a managed services provider, dive into the details of your potential contract. Some possible support to look for includes:

  • Help desk: Do your employees need access to regular tech support? An IT help desk can answer any questions and help to keep everyone’s devices running smoothly so that they can do their jobs.
  • Data protection: Your business’s data is a vital asset that needs to be protected. Does your IT provider contract include data backup and protection? This addition could save you from disaster down the road.
  • Network monitoring: Your company’s network likely spans across a large number of locations and devices. Regardless of how far your network reaches, it needs to be protected. Does your support contract include network monitoring to catch and prevent intrusion and damage?
  • Mobile device and server management: Mobile devices have become instrumental to daily life. Many employees can access their employer’s network on their phones, tablets and home computers. Does your IT services contract include management of these devices? You should also know if your contract extends to include server management, which can involve updating and configuring your server.

What isn’t included in the contract is just as essential as what is. If your contract doesn’t cover some necessary IT service, you will need to perform those tasks in-house or work with another partner to make sure you cover all your bases.

3. What Is Your Response Time?

One of the most important questions to ask outsourced IT support involves response time. How quickly can you expect your IT partner to respond? How will response times differ for a relatively simple matter versus an IT emergency? When asking about response time, consider:

  • Help desk hours: Your partner’s help desk is there to answer everyday IT questions for your team. Some help desks offer 24/7 support, while others work during set office hours. Think about the level of support your company needs. During the help desk’s working hours, how quickly can you expect to receive assistance? Will there be long wait times? Will open tickets sit unresolved for days?
  • Security issue response time: Not all IT matters are urgent. Some issues can wait for days without materially impacting your business. Other problems cannot wait. If you experience a widespread disruption of IT operations or a security issue, you want to know that your partner will be there, ready to help.
  • Time from response to solution: Once you connect with your IT support provider, how long will it take for their team to solve your problem? Rapid response time is of little value if it takes too long to deliver an effective outcome.

4. What Is Your Customer Retention Rate?

The IT services sector has an average customer retention rate of 81%. Customer retention is a very telling metric, giving potential clients an idea of how happy an IT support company’s customer base is. High retention indicates high levels of satisfaction. If the potential IT partner has a low customer retention rate or it won’t share that metric, you have cause for concern.

Don’t be afraid to ask IT providers for that number. Ask for examples of satisfied customers and explanations for why clients have decided to leave and seek another partner. Companies that have built strong reputations supported by excellent customer service will be able to offer you that insight.

Common reasons for customer churn include poor service and failure to deliver value. You might actually be looking for a different provider for similar reasons, and if possible, you want to avoid selecting another IT partner that will present the same challenges.

5. How Does Your Support Ticket Process Work?

One of the most important questions to ask an IT support provider is about their support ticket process. That procedure itself can involve a few steps, so you might ask:

  • How do you open a ticket? The process of opening a support ticket should be fast and simple. Ask your potential IT support provider how this task works. Do they use a specific system? Can you open a ticket through an online portal? Can you open a ticket over the phone?
  • How are support tickets prioritized? Depending on the size of your company — and the size of your IT partner’s other customers — the team handling support tickets might have many issues to resolve every day. How are these issues prioritized? What system does the IT provider use to sort through, categorize and prioritize critical issues? You want to know that your IT issues are being addressed in a timely, organized fashion.
  • How are tickets resolved? Ticket resolution is essential to keeping your business running smoothly. Does the IT partner notify you, the client, when they resolve tickets? What happens if you are not happy with the resolution process? Do you need to open a new ticket?

6. What Do You Monitor? What Security Measures Are in Place for Your Clients?

IT security is crucial for your business. Your and your clients’ data need to be protected from the threats active in the world today. When you examine a contract proposal from an IT support provider, carefully consider what kinds of security measures are included. Does your provider have measures in place for:

  • Your network: Threat actors actively try to compromise businesses’ networks for financial gain. While some industries are at higher risk for these kinds of attacks than others, no industry can afford to get by without network protection. How will your IT provider monitor and protect your network?
  • Devices: Today, most businesses’ networks include much more than their servers. Employees and third-party vendors can often access sensitive data and systems from home computers and mobile devices. These endpoints are vulnerable to attack. Does your IT support contract offer monitoring and protection for devices?
  • The cloud: According to the Flexera 2020 State of the Cloud Report, 93% of businesses use multi-cloud solutions, while 87% have a hybrid strategy. The cloud offers a number of advantages, but it is yet another aspect of your business that is susceptible to attack by threat actors. Does your IT support offer security measures that cover the cloud?

7. What Will the Transition From My Current IT Company Be Like?

Once you know how to choose an IT support company, you’ll have to transition from your current partner. Your company will need to do some preparation to make that transition as easy as possible. Inform your staff and vendors of the impending change, maintaining transparency and sharing the necessary information with all parties affected by the switch. You can also ask your incoming IT support partner how they will help to make the transition seamless. Ask questions like:

  • How long will the transition process take? A seasoned IT support provider will have managed many transitions before yours. Your new partner should have a playbook that outlines the different stages necessary for successfully switching providers. They should be able to provide a timeline specific to your business based on its industry, size and contract details.
  • What information do you need from my team? Clearly communicating with your new IT partner will help make the transition process easy. Make sure you have clear points of contact within your business and the new support provider’s team.
  • How will you mitigate business disruption? You are likely switching to a new provider because you want a higher level of service to meet your business’s needs. With that in mind, you want to avoid disruption to your daily operations. Ask your new IT partner how they manage risk during the transition process.

8. Can Your Company Handle My Organization’s Size?

How to choose a managed service provider depends in part on the size of your company. See if your business is a part of the small and midsize group or if it is considered a larger company. Factors like the number of employees, number of physical locations and annual revenue determine your business’s size. Typically, small businesses have 10-49 employees, while midsize businesses have 50-249, and companies with more than 250 employees are usually considered large businesses.

When selecting an IT partner, ask what kinds of customers they serve. An IT provider that specializes in large businesses is a promising fit for companies that exceed the threshold of 250 employees. On the other hand, those IT support providers that mostly manage large companies may not understand the needs of small- to medium-sized businesses. Ask your potential IT partner about other clients they serve that are similar in size, as well as industry, to your business.

IT providers that do not have experience working with businesses comparable to your size may not deliver on your expectations. Outgrowing an IT support partner or discovering the support partner does not understand the needs of a business your size is a common factor that drives a provider switch.

9. Will I Get a Dedicated Account Manager?

When working with a partner, you want to know that they understand your business’s unique needs. You also want to be able to build trust and rapport with that partner. An IT support company with experience in your industry and with companies of your size is a great starting point, but it is still important to determine how you communicate with that partner. A dedicated account manager will:

  • Provide continuity of service: You do not want to waste your time explaining your IT issues to multiple people. A dedicated account manager can serve as your main point of contact, communicating issues and questions to the rest of the support team. An account manager that knows the ins and outs of your business can help maximize the value you get out of your IT service provider.
  • Understand your business’s long-term goals: IT services are an essential part of your operations. Even if those services are outsourced, they will need to adapt to your business’s changing goals and needs. A dedicated account manager will have in-depth knowledge of your company’s long-term goals, empowering them to help you adjust your IT service as needed.

You may also want to ask your support partner if your contract will include a dedicated engineer who can be your go-to technical contact.

 

Get Your Questions Answered With PCS

At PCS, we think finding an IT partner should be easy, and we are ready to serve you. If you are looking for a new IT provider, ask us these questions — and any other ones you can think of — to understand the full scope of what we can offer. Selecting a service provider is an important decision, and we are here to help make that decision as easy as possible.

Contact us to start a conversation about your IT needs and have your questions answered.