The hidden costs of data breaches for small businesses

Nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information, according to Shred-it.

According to the Identity Theft Resource Center’s report, the number of data breaches remains in line with the all-time high set in 2021, and consumers are not oblivious to the stark realities of cybercrime. 81% of consumers would stop engaging with a brand online following a data breach, stated a Ping Identity consumer report.

Additionally, the cost of data breaches to all businesses is at its highest level ever with an average cost of more than $4.4 million globally, more than $5.1 million in Canada, and more than $9.4 million in the U.S. This financial impact could cripple a small business as they face potential regulatory actions and fines, legal fees, and the loss of customers.

Data breaches affect 1 in 4 small businesses

This year, Shred-it’s report found that 1 in 4 of the small business leaders surveyed reportedly experienced a data breach in the past and, of those, 50% said it was caused by employee error.

45% of consumers noted having experienced at least one data breach. Furthermore, 3 in 4 small business leaders and 94% of the individual consumers surveyed said they are concerned about future data breaches.

To help avoid future breaches, more than 90% of small business leaders believe that data and information protection and compliance training is an essential security practice. Still, interestingly, only 15% require employees to complete them.

“Following years of stress from the global pandemic, small businesses and consumers now face many financial pressures due to inflation, lingering supply chain issues, and rising prices,” said Cory White, EVP and chief commercial officer at Stericycle.

“Running a business is now more costly than ever, and businesses continue to look for ways to save money. Our 2023 Data Protection Report found that small business leaders recognize that information and data security are critical in building and retaining strong relationships with customers. However, many are still at risk of losing customers and related revenue if sensitive physical and digital data protection becomes compromised. Addressing data protection properly is an essential part of business leaders’ strategic decisions,” added White.

Training and education can help mitigate potential risks

73% of the small business leaders and 94% of the consumers surveyed are concerned about data breaches in the future. These concerns are even higher among Canadian small business leaders (81%).

Only 60% say they are proactive when it comes to data and information protection, and a mere 22% report being ‘extremely proactive,’ potentially leaving many small businesses exposed to future issues.

71% fear that their employees will not know what to do in the event of a breach. However, only 15% of small business leaders report that they require their employees to take any training, and the few who do have mandatory training are not offering it regularly.

63% of small business leaders admit they do not have a reliable source to maintain relevant policies and training. 76% worry that regulations will only become more complicated and burdensome for small businesses in the future. These worries are even more pronounced for Canada-based small business leaders (87%).

67% of small business leaders are overwhelmed at the thought of changing procedures to meet existing regulations. 47% do not currently have third-party partners for managing sensitive digital data and information, but more than 90% of those who do use a third-party partner feel their partnerships are deeply valuable.

“Small business leaders need to be proactive and allocate more budget upfront or risk significant revenue loss that is difficult to recover from,” said Michael Borromeo, VP of data protection at Stericycle. “They have an opportunity to protect themselves by offering regular employee training and developing an understanding of the shifting data protection regulatory landscape — both of which a trusted third-party partner can provide valuable guidance.”