Cost vs Impact: What Security Breach Really Means for an SMB
- January 30, 2018
- Posted by: Gary Evee
- Category: Cybersecurity
It’s one thing to read about a major breach. Certainly, it’s easier to swallow when the loss is not your own. The headlines, though, become old news fast. While life marches on, the company that has already suffered a loss of customers continues to pay the price for a security breach.
For those companies that have been lucky enough to not yet know the true impact of a security breach, there are exceedingly high costs that can be catastrophic to those SMBs who are trying to stay in business.
Everything in business has a dollar value attached to it, but the true impact of a security breach for an SMB is not measured in what they must pay out for damages. If you are still working under the misguided assumption that you are not a target because you are too small, it’s time to face reality.
Think of a hacker as the schoolyard bully. In the same way that the bully often picks on the smaller kid, many cybercriminals intentionally target SMBs because they lack the strong security systems that the big guys have. Whether you break the cost of a breach down to per record stolen or look at the direct and indirect consequences, there’s no shortage of studies that look at the overall growth and impact of cyber attacks on SMBs. I’ll share a few that will help to create a clearer picture of the breadth and depth of risks to small business.
More than 600 SMBs participated in a 2017 Ponemon Institute study which revealed that cyber attacks affected more SMBs in the previous 12 months. In the aftermath of the breaches, the companies spent an average of $1,027,053 because of damage or theft of IT assets and an additional $1,207,965 on the cost of disruption to normal operations.
Whether it’s people or budget, security resources are a hard to obtain for many SMBs. A 2017 Forrester Total Economic Impact Study found that most small businesses are challenged with creating and maintaining security services, maintaining legacy technology, and securing devices.
According to a 2017 First Data Market Insight report, 90% of breaches impact small businesses, with an average of $36,000 in out of pocket cost of a data breach for a small business merchants. Note that this dollar figure does not include the indirect non-monetary consequences that can be just as or even more damaging to your business.
What are other indirect consequences that can impact the business? There are many, and they range from loss of customers to remediation, business disruption, loss of customers, damage to brand, and identity theft repair to name just a few.
The overall impact of a security breach extends far beyond your own organizations. Because so many managed service providers are SMBs, there’s a greater risk of creating a domino effect in the businesses you serve. Those SMBs that provide services to major enterprises need to be investing in their overall security posture that also protects their customers against cyber attacks. Failure to do so could result in more of those indirect consequences like regulatory fines and legal costs.
Organizations look to managed security services for help because working with a trusted partner will give you peace of mind. Knowing that you can trust the security of your third-party vendors is a critical step in advancing your overall security posture. Contact Evee Security Consulting Group to learn how our trusted partners can deliver the customized security solutions your business needs to protect, detect, and respond to cyber attacks.