What CFOs Need to Know: Small Firms Should Pay for Security Now or Pay More After a Breach
Small companies often neglect data security. In one study, only 31 percent of small businesses are actively defending against breaches; 44 percent aren’t using antivirus software, let alone more sophisticated defenses.
There are three main reasons for this neglect: lack of funds, lack of expertise, and lack of urgency. Small companies often think they’re too small to be targeted and protecting themselves is too expensive. They’re wrong on both counts. Nearly 75 percent of attacks target small businesses, with 60 percent of hacked small companies forced out of business as a result. The security firm Kapersky reports that small businesses pay $38,000 in direct costs to recover from an incident, plus an additional $8,000 in indirect costs. It’s also important to realize that your intellectual property can be the target of an attack, not just your customers’ information.
1. Costs in Dollars
Those financial costs come from several sources, including the cost of forensic investigations, notifying customers of the breach and offering credit monitoring, paying compliance fines, liability for fraudulent charges, and upgrading your point of sale system. There are also costs associated with PR, lawyers, and providing additional training for your staff. In total, you can expect to pay about $221 per stolen record.
2. Cost in Time
The time you spend resolving the breach is time that isn’t spent growing your business. Your IT team may be pulled away from projects in order to support the investigation and mitigation activities. If the breach causes system downtime, you may miss out on business opportunities or be unable to complete transactions in a timely way.
3. Cost in Customers
You can also lose customers as a result of a security incident. Close to one-third of customers terminate their relationship after a data breach, and even those who continue doing business are likely to lose confidence in you. Besides losing existing customers, the bad press associated with an incident can keep you from getting new customers. And credit card companies can refuse to process payments for you, turning you into a cash-only business and driving even more customers away.
Related: Ways a Data Breach Can Cost You
Pay for Security Instead of Paying for a Breach
The costs of an incident are reduced by having a plan and tools like encryption in place. This means understanding your vulnerabilities and implementing defenses potentially including firewalls, antivirus software, data loss prevent software, encryption, and other protective measures. Training your employees is another important part of your defenses.
Prescient Solutions offers security services to protect you from attack and help you recover from any successful incident. Contact us for a free IT audit to identify your risks and develop your defensive strategy.