Costs of Privacy Breaches and Cyber Incidents to SMBs
In this age of growing interconnectivity, more and more businesses are choosing to rely on virtual services for convenience and efficiency. However, these practices put a firm in the crosshairs of cyberattack. Based on the analysis of thousands of real-world incidents, Verizon found that in 2018, 53,308 cybersecurity incidents have been recorded. Sixty-five countries were affected, and 2,216 were data breaches. These types of incidents are often detrimental to companies, especially if categorized as small to mid-size businesses (SMB.)
SMBs are particularly susceptible to cybersecurity incidents, for often they have weaker online security and are conducting more business on online services such as the cloud. Essentially, SMBs are sleeping with their business doors unlocked. According to a study conducted by Ponemon Institute in 2017, 61% of SMBs stated that their companies have experienced a cyber attack in the past 12 months, and 54% of SMBs reported that they had privacy breaches involving customers, target customers and employee information. This should be a sobering wake up call for SMB owners to start investing in cybersecurity. Moreover, the costs, due to cyberattacks, incurred on SMBs are often high and have lasting future impacts.
Cybersecurity incidents are a very real threat to SMBs because they result in large expenditures. Cyber incidents are defined as a violation of or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. SMBs spend an average of $879,582 because of damage or theft to IT assets; costs incurred from disruption to normal operations for SMBs average $955,429. Out of all SMBs, information, manufacturing, and retail industries suffer the greatest costs relative to any other industry. Because of weaker cyber security, SMBs are the most vulnerable firms, and these costs are real and frightening for SMB owners. Furthermore, SMBs usually do not have the internal resources available to deal with cybersecurity incidents. According to Kaspersky Lab, SMBs spend an average of $21,000 in lost business and another $21,000 in costs related to hiring external professionals for recovery.
Likewise, privacy breaches should be a real concern for SMBs. Privacy breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. Nearly all SMBs store some type of personal information in online systems, and breaches of that private information have very real costs. A study done by Kaspersky Lab and B2B International found that the average cost of an SMB data breach is about $117,000 per incident. Without proper protections in place, even the smallest business can have its privacy breached. The cost of a data breach for a small business merchant averages between $36,000 - $50,000.
Along with direct costs from privacy breaches and cybersecurity incidents, SMBs incur several other expenditures as a result of a cyberattack. For example, cyberattacks can damage the brand or reputation of an SMB in the eyes of the public. According to a 2017 report by Poneman, after a cyberattack, 31% of respondents terminated their relationship with the responsible organization. Moreover, not adhering to cyber compliance and standards opens up SMBs to the large costs of liability.
In conclusion, privacy breaches and cybersecurity incidents are a plague to SMBs around the U.S. Often, these attacks can be mitigated by complying with security standards and investing in effective data protection services. As time passes, regulations will become more numerous and strict, and SMB owners cannot afford to ignore the potential of a cyberattack.
Varchas Raman served as an intern at PKH Enterprises in 2018. Mr. Raman is a senior at the University of Michigan pursing careers in political science and economics.
Share on Facebook