Could an employee’s lost laptop cost a company $5.4 million? It could if the employee has access to sensitive customer data, hasn’t taken proper security precautions, and the company hasn’t shielded itself with a proper cyber
It’s far simpler to replace a misplaced or stolen computer than it is to investigate and seal a data breach, notify thousands of customers that they are potential victims (as required by law in most states) and, in the worst-case scenario, pay damages, legal fees and PR management costs as a result of a class action or other litigation.
However, executives by and large seem slow to recognize cybercrime as a growing international problem, with U.S.-based companies the primary target of foreign-based hackers. Energy companies, in particular, face an increasingly sustained threat, according to authorities here. In fact, the National Institute of Standards and Technology in February released a framework to help targeted companies avoid what Leon Panetta, the former defense secretary, once called a 'cyber Pearl Harbor.'
According to some recent estimates, ongoing cybercrime against top U.S.-based companies costs our economy more than $300 billion each year. And the cost of a typical data breach of a public company’s systems could average as high as $5.4 million, according to the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy.
For small-to-midsize businesses, the average cost per breach may be smaller -- roughly $188,242 -- according to specialist insurer Hiscox, but the complete toll can be higher. Two-thirds of such companies close their doors within six months of a cyber breach. Without protection, they don’t have the same resources as a major corporation to withstand the damage.
And small companies that think they are below the radar of hackers should know that attacks on businesses with fewer than 100 employees amounted to 31 percent of breaches in 2013, according to a study by insurance underwriter Chubb. Hackers know that compromising a vendor’s server can yield access to much larger connected companies and their customers’ data.
Weak data security can be costly in another way, too. A convicted former hacker has just announced that he’s launching a hedge fund that will short-sell stock of companies his fund managers deem vulnerable to cyber-attacks. Such companies would then have to cope not only with damage control from breaches (and a potential rise in attacks from grateful hackers) but also with a setback in raising capital. Data security is now paramount to a healthy bottom line, and companies that want to be seen as fit to conduct business successfully ignore it at their peril.