We have discussed data loss and its causes, and we have discussed GDPR and what it means to lose data in this regulatory environment (so has everybody else). However, the cybersecurity community seems to shy away from the topic of the actual cost of data loss.
The Ponemon Institute stated that the average cost of a data breach in 2017 was £2.48 million, with the average cost per stolen or lost record being around £98. This is a major financial cost, but what about the other implications of a breach or accidental deletion? What does it mean for your business and, if personal records are lost, what does it mean for those individuals?
Damage to reputation
Data breaches damage reputations, or at least they used to. High-profile data breaches happen almost daily and are fast becoming the norm. Consumers don’t seem to be shocked or even compelled to change their habits, meaning enterprises that can afford to pay the fines can survive relatively unscathed. It’s smaller businesses that are in danger following a data loss.
Data loss is almost inevitable: whether through a breach or human error, it will probably happen. Preventing it and surviving it are two very different things. Preventing it is near impossible; surviving data loss means anticipating it and, although we may not want to hear it, putting a disaster recovery policy in place is the key to making it through.
Building a DR Policy
Having a policy in place to deal with the disaster can mean the difference between bankruptcy and survival, especially for companies that aren’t at the enterprise level. Building the right disaster recovery policy in preparation for a breach is simple: it’s all about anticipating your business’s requirements in a breach situation.
Begin with the basics: look at the minimum requirements of the regulation. What is your plan in the event of an emergency? Who needs to know first? How do you let them know? When will you alert the Information Commissioner’s Office? You have 72 hours before you must report the incident; when will you report it? How will you allocate your team’s resources?
Thoroughly document the process, and make sure you understand the timeline and the costs (including the cost of notifying affected individuals). Notification could be by email, by letter or even through other outlets. Depending on the size of your business, you might need to bring in an outsourced call centre, as people will be calling in to find out if they have been affected. If you don’t have an in-house PR team, it might be worth outsourcing here as well.
It’s easy to see how the costs of a data breach or data loss scenario can quickly mount up. From the resources required to identify, notify and remediate to the legal costs and fines, it is no wonder businesses go under following such incidents.
What about the cost of repairing the events?
The cost of repair is up to 100 times higher than the cost of prevention. Thus, detection, prevention and reporting are vital. Even if you believe your business is highly protected through prevention tech or strong endpoint security, all it takes, in the end, is one employee clicking a shady link in a phishing email and you could be in trouble. No one is infallible.
This is why every business needs a plan. It shouldn’t be driven by your IT manager but from the highest level downwards, in all businesses, of all sizes. We are seeing a shift in responsibility from our IT teams to our boards, our CEOs and our business leaders.
A data breach could cost your business everything, and until there is wider recognition that backup and disaster recovery are vital to the health and wealth of your business, your business will be at risk. Don’t let your business go under: hope for the best, but always plan and prepare for the worst.
Backup Systems work to create the perfect backup and disaster recovery plan for your business. To understand how we can help you, download our managed service guide.