On average, a data breach can cost a small business £53,000
Data breaches are more common than you might think, especially for small businesses.
To illustrate that point, here are a few key statistics:
These and other figures paint a concerning picture. Small business owners (SMBs) are underprepared for constant attacks that can cost them thousands.
Part of the problem is that many SMBs don’t know what’s valuable – or, at least, everything that is of value. We lock our doors, keep cash in safes and have intruder alerts. But what about your digital data?
While it may not be that valuable to someone else, it’s invaluable to you, which is why ransomware attacks work: they get YOU to buy it back. How much a company’s data is worth is often only quantified when a cybercriminal steals it and offers it back at a cost. How much would you pay for all of your data?
The aim is never to get to this stage. All small businesses should aim to collect their valuable data and protect it.
Contemporary businesses rely on a wide variety of data types. How these businesses manage the collection and protection of that data is crucial to ensuring customer satisfaction.
Your business gathers and uses data that relates to its core activities:
The cost of cybercrime to you and your business will depend on what your business does, how it makes money and what form the attack takes.
Having said this, financial loss is always harmful, whether it results from having to pay out to repair a compromised system, compensate customers, or pay fines to the relevant authorities if you’re found to be in breach of legislation. It will have a detrimental and unforeseen effect on your revenue and cash flow.
We’ve worked out that the total cost of a data breach for a small business could reach £53,000. Continue reading to find out how we got there.
Your digital data – reports, surveys, emails, corporate information – is an essential part of the service you offer. How much would you pay to get it back if you suffered a ransomware attack? On average, small companies are asked to pay £3,000 per user ($4,200.00).
How much time - and therefore money - would it take to rebuild your data if it was permanently deleted? Even if you pay the ransom requested by the malicious hackers, there is no guarantee you will get your data back. Plus, ransomware is just one type of cyber attack. There are plenty of viruses that can compromise your data and not provide you the opportunity to get it back.
Many companies shut down during cyber attacks and this has a cost. For example: an attack means you and 20 employees can’t work for two days. If the average employee gets paid £200 ($275) per day, the attack has already cost you £8,000 ($10,980). Then figure in the time to rebuild your digital assets (assuming you can). If it takes each person a week’s work to rebuild databases, repopulate address books and scour emails for invoices, purchase orders and other data, that’s an extra £20,000 ($27,450). Now factor in any new business you have been unable to do: what is the loss of earnings? If you turn over £5,000 ($6,860) per day, that’s £25,000 ($34,310) over a working week.
Now the figure is starting to look like £53,000 ($72,740).
Of course, that £53,000 ($72,740) - or whatever your initial costs total - is before you look at other damage costs. This may include outside technical support to clean and rebuild servers, new machines and the cyber security that people invest in all too late. This could easily add a few more pounds or dollars to your bill.
There are other important reasons to protect your data. In the US, businesses must comply with a variety of State and Federal laws and regulations; in the UK, companies have to comply with the Data Protection Act.
Economic regions also have their own requirements that member and non-member states need to be aware of, such as the European Union General Data Protection Regulation (GDPR) which came into effect on 25 May 2018.
Failure to manage your customers’ data in accordance with the relevant laws can result in fines, litigation, and even criminal convictions. Penalties for not complying with GDPR, for example, are up to 4% of your annual international turnover or, for the most serious breaches, €20 million ($24 million/£17.5 million). Failure to comply might also affect the ability to deliver a service or product to your customer.
Another important aspect to consider is that companies and individuals have the right to sue you if you are the source of a breach of their data that you hold. Thousands of employees sued Morrisons supermarket over data breaches. The same fate befell Seagate, who were sued through the Northern California District Court for their data breaches.
Although small businesses are not affected by lawsuits to the same extent as bigger companies, one statistic states that the average small business earning $1 million (£730,325) annually will spend about $20,000 (£14,600) on legal costs every year. So it’s worth considering the impact data breaches can have on any budget you set aside for litigation costs.
Businesses have a responsibility to protect the personal data of their employees, and breaches can endanger your colleagues: people with families and livelihoods of their own.
Some businesses even end up having to close after an attack, which means everyone is out of business and looking for a job. By failing to protect your digital assets you are placing everyone at risk.
And what about your reputation? You might say it’s hard to quantify value like that, but if negative press and subsequent distrust mean your revenue drops by 20%, it’s easier to quantify.
Equifax is not only being sued, but its plummeting share price shows the impact of distrust.
Any loss in customer trust could also hamper your future success and the reputation of your brand or business. Your customers may reasonably think that, if you were hacked once, why couldn’t it happen again? Confidence in your brand or business can drain faster than the battery of your smartphone.
*This figure is the number of fires (7209) as a proportion of the total number of businesses in the UK according to UK Gov: 5.7m.
You lock up at night. You have security cameras and burglar alarms. Your phone has a screen lock. You have smoke detectors and sprinklers. And then you insure your premises and other liabilities, to make sure that if these measures don’t work, you can recoup damage costs and rebuild your business.
So, why don’t small businesses protect their digital assets in the same way? It costs a fraction of an attack and gives you peace of mind, just as your locks, insurance and smoke detectors do. Follow these basic actions to protect your small business:
Train your staff. If you don’t have the money to spend on formal training courses, you’ll find plenty of information online that will benefit you and your staff. Make sure that your employees know: