Most companies know that a security breach is a big deal. For those involved in protecting companies from these breaches, they also know that these threats are more common than many realize, and cost more than their budgets for prevention currently reflect. This is starting to change as companies begin to understand the cost to recover from such attacks, with 10% of total IT budgets in 2018 dedicated towards cyber protection. However, the actual value of cybersecurity readiness still remains a little unclear. Sure, protecting sensitive data and intellectual property is invaluable, but there are also concrete numbers from the 2018 Scalar Security Study we can look at to help understand a company’s expected ROI in these IT security areas.
Cost of Security Breaches for Canadian Businesses
In Canada alone, cybersecurity breaches costed companies more than $9.6 billion in recovery in the past year. Along with that huge financial hit, these companies experienced a total of more than 813,000 days of down time and had over 100 million sensitive data records stolen.
This becomes increasingly concerning when you break those numbers down into what might be included in the stolen records. More than 40 million of those records included private and personal information from customers and employees, while over 60 million had data regarding financials and product secrets.
This certainly seems a little bleak, but not all cyber security attacks result in a breach if proper security measures are being taken on a regular basis. Again, in Canada last year, there were 82.5 million cybersecurity attacks and 2.6 million of those attacks resulted in breaches. Unfortunately, when a breach does occur, the financial impact skyrockets.
Financial Impact of Security Breaches on Individual Companies
To make these numbers a little more digestible, let’s zoom in on a single company. In our 2018 Scalar Security Study, we learned that the average company finds itself under hacker attack more than once a day and 87% of the organizations we spoke to said that they suffered a successful breach last year. Unfortunately, the cost to recover from each breach was, on average, $3.7 million.
$3.7 million is a lot, especially when you consider that only approximately $215,080 of that number is spent in direct dollars addressing the breaches. The other $3.5 million is lost in revenue and profitability. Whenever various networks, infrastructures, or end-user sites are down, money is lost. This is also true of employee work days devoted to recovering from the attack, let alone all of the actual data stolen.
IT Security Investments with High ROI
In our 2018 Security Study, we learned that while larger organizations are definitely attacked and breached more often, the financial impact on smaller organizations is higher. A lot of the time, businesses factor in the recovery expenses, which can be relatively low, but fail to factor in everything from down time to external relationships, like suppliers and partners, as well as customer impact and overall PR. As we already talked about, the recovery expenses stretch far beyond the direct dollars addressing each breach.
This cost should lead organizations, regardless of size to start allocating funds into strengthening their weak IT security areas. Knowing that the average breach costs between $4.6 million for a medium to large company and $1.1 million for a small company (15-249 employees), key cyber security initiatives have high ROIs.
Read: Which Key Cybersecurity Weaknesses Are Organizations Ignoring?More from the study