IBM Data Breach Report Mid-2024
According to IBM’s latest cybersecurity report, the average financial impact of a data breach on businesses has risen significantly, reaching nearly $5 million per incident [1][2]. This represents a 10% increase from the previous year’s figures [1][2].
The study, conducted in collaboration with the Ponemon Institute, examined 604 organizations across 17 industries and 16 countries that experienced data breaches between March 2023 and February 2024 [1][2]. The breaches analyzed affected between 2,100 and 113,000 individual records [2].
The global average cost of a data breach climbed to $4.88 million, marking the most substantial increase since the COVID-19 pandemic [1][2]. This figure encompasses expenses related to breach detection, victim notification, post-breach response efforts, and lost business [2].
Over half of the surveyed organizations reported passing these increased costs onto consumers through higher prices for goods and services [2]. Consider the risks involved in raising prices and how that might impact your business. How will that affect your competitiveness in your local market? Some businesses enjoy strong customer loyalty, but with recent inflation, many customers are sensitive to price increases, which could drive them to online sources or your local competition. This is just one of the secondary impacts when lack of preparation and inadequate organizational resources overwhelm your capacity to deal with the effects of a data breach or other cyber-attack.
The report also highlighted that lost business and post-breach activities accounted for $2.8 million, the highest combined amount in six years [2]. Now consider how much time it would take for your business to recover from a cyber-attack. Some attacks are more complex, and recovering from them to full operational capacity takes more time. While you’re working at recovery, how much business will you have lost? Consider the technical skill sets of your staff who can be called upon to respond to the incident. Are they trained to respond to cyber-attacks? Do they have the necessary tools and capabilities? If your business is supported by IT or cybersecurity consultants, consider their Service Level Agreements (the services they provide and their obligations to restore your systems). If not, estimate the time you or your staff will take to stop any effects of the attack and restore operations. Then figure how much business would be lost during those hours or days spent not serving customers, fulfilling orders, or managing inventory, along with other impacts. This is the cost of a cyber-attack on your business.
87% of small businesses have customer data that could be compromised in an attack. Customer personal data, including tax identification numbers, emails, and addresses, was compromised in more than 45% of the breaches, while intellectual property records were affected in 43% of cases [2]. One-third of small businesses with 50 or fewer employees rely on free, consumer-grade cybersecurity solutions [2]. Few small businesses have staff with the required technical skills to configure free solutions effectively. Free solutions are not generally provided out of charity, so what do free solution providers gain by offering their products? Often it’s your data or information about your use that’s valuable to them. Also consider that free solutions may not be professionally maintained, and any vulnerabilities or built-in risks may not be divulged to the user. Users may enjoy a false sense of security. It may seem like a bargain, but there are significant risks in using these products, especially if you lack the technical expertise to configure them or understand their shortcomings.
Phishing attacks and compromised credentials were identified as the primary sources of most breaches, with associated costs of $4.88 million and $4.81 million respectively [2]. There are measures you can take to protect against phishing attacks. Email services can be configured to reject untrusted senders. Enabling DKIM, DMARC, and SPF authentication, scanning for keywords, creating sender and domain blacklists, and other methods can be used to reduce the number of phishing emails delivered to your organization’s inboxes. Staff training and phishing simulations are other measures to prevent attackers’ success and reduce your cyber risk.
With data breaches growing in frequency and all the risks they pose to small businesses, it’s more important than ever to prepare yourself. Partnering with a cybersecurity consultancy like We Know Cyber is a step you need to take to protect your business with training, securely configured and trustworthy solutions, and the expertise to keep your business profitable. Call us now at 888-904-7011 or email [email protected].
Citations:
[1] https://www.ibm.com/reports/data-breach
[3] https://www.strongdm.com/blog/small-business-cyber-security-statistics
[4] https://www.healthcaredive.com/news/healthcare-data-breach-costs-2024-ibm-ponemon-institute/722958/