By David J. Sexton
The list of large corporations that have fallen victim to cyber attacks continues to grow. Likewise, the magnitude of the crimes committed continues to escalate. A research report from Ponemon Institute and IBM indicates the average total cost of a data breach in Canada is $5.32 million and the average cost per compromised record is $250.
Now, I have a sense of what most readers are probably thinking at this point: “The only organizations getting breached are worth billions of dollars and have just as many records! It would never cost my business that much and we’d never be targeted by a hacker in the first place.”
Unfortunately, that’s not the case. Sophisticated hacking techniques aren’t the only method to qualify as a true ‘data breach.’ Any event where personal or confidential information is lost or stolen can fit the definition. Data breach can include human error, which is not limited to the mistreatment of electronic data. If paper files are stolen containing sensitive information, that also constitutes a data breach.
If you’re in business, you’re exposed to data. If you’re exposed to data, you’re at risk for it to be stolen or lost. In order to properly protect your business, the cost of that risk needs to be addressed. To do so, here are six questions to consider that will influence four areas of costs specific to a data breach.
Question one: How many records were exposed?
This all depends on the size of your business and the type of breach that occurred, but it will be the primary driver of the costs.
For simplicity’s sake, let’s say the average jeweller makes sales to five new customers a day over a five-year period. That would amount to 9125 records, potentially resulting in more than $2 million in damages if the cost per compromised record was consistent with the $250 average. Your business would also be responsible for those five years’ worth of employees, contractors, and other business relationship records.