What’s the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million, according to NTT Com Security.

While 54% of those surveyed say information security is vital to their business and 18% agree that poor information security is the single greatest risk, 65% predict that their organisation will suffer a data breach some time in the future.

The real cost of a security breach

Respondents estimate a breach would take nine weeks to recover from and would cost $907,053, on average – even before the cost of any reputational damage, brand erosion and lost business are taken into consideration.

Decision makers estimate that 19% of their company’s remediation costs would be spent on legal fees, 18% on compensation to customers, 15% on third party resources and 15% on fines or compliance costs.

The survey of 1,000 non-IT business decision makers in organisations in the UK, US, Germany, France, Sweden, Norway and Switzerland shows that recent high profile data breaches are hitting home.

According to the report, almost all respondents say they would suffer external and internal impacts if data was stolen in a security breach, including loss of customer confidence (69%) and damage to reputation (60%). One third of business decision makers also expects to resign or expects another senior colleague to resign as a result of a breach.

Effects of a security breach

The report also shows that 41% of organisations have some kind of insurance to cover for the financial impact of data loss and a security breach, while 12% are not covered for either. However, 35% of respondents say they have a dedicated cyber security insurance policy, with 27% in the process of getting one. 52% have a formal information security policy in place, while 27% are in the process of implementing one.

Other survey highlights:

  • Only around one in five (22%) respondents report that all of their organisation’s data is completely secure
  • Consumer (57%) and business (55%) customer data are the types of data that respondents are most likely to say that their organisation needs to protect
  • Three in ten (30%) respondents say that more is spent on human resources (HR) than information security
  • Almost all respondents report that there would be external (98%) and internal (98%) impacts if their organisation had information stolen in a security breach.