How much is a data breach going to cost you?

Quite a bit, but different factors lead to how much

data breach
Credit: Thinkstock
It is going to cost ya

A recent IBM study found that the average cost of a data breach has hit $4 million—up from $3.8 million in 2015. There are countless factors that could affect the cost of a data breach in your organization, and it’s virtually impossible to predict the exact cost. You might be able to estimate a range with the help of a data breach calculator, but no single tool is perfect.

BitSight looks at a number of factors companies should keep in mind when it comes to calculating the actual cost of a future data breach.

data breach cost
Credit: Thinkstock
Location, type of currency and company size

Even simple things like exchange rates of the currency your business predominantly uses can impact the cost of an information security breach. If you are a small shop that deals with limited (or no) customer data, the cost of a data breach may be significantly lower than what a larger corporation may experience.

data breach cost
Credit: Thinkstock
Industry and type of data or records held

The type of data lost in a breach is one of the largest factors in what it will cost you. If you only lose email addresses, it is probably not going to be as big of a payout as if you lose personally identifiable information (PII), sensitive customer data (like Social Security numbers), payment card information, private health information (PHI), etc. The more sensitive the record is, the more costly the breach will be. For example, if you lose payment card information, you may need to offer free credit monitoring to those affected. Or, if you’ve compromised customer health data, you may be subject to regulatory fines from governmental agencies.

data breach cost
Credit: Thinkstock
The root cause of the breach

The root cause of a breach can certainly influence the number or type of records lost, which correlates to cost. For example, if the breach is caused by a third party. In a recent study, the Ponemon Institute found that “breaches involving third-party organizations remained the most costly.”

data breach cost
Credit: Thinkstock
Operational costs

If breached, this could slow, disrupt, or completely halt operations. For example, for a retail business, it could mean a loss in sales. In a service business, it could mean the loss of the ability to provide customer support.

data breach cost
Credit: Thinkstock
Breach aftermath

If a company suffers a data breach that is the result of poor security practices, it may want to double down on its security investments—which will come at a cost. Some hardware or software may require replacement or security upgrades post-breach. And some organizations may realize they are understaffed with security professionals and need to hire a new IT professional, CIO, or CISO.

data breach cost
Credit: Thinkstock
Investigative costs

If you need to bring in a third party to investigate your data breach—or even the FBI—these services will cost you up to six or seven figures depending on the size of the attack.

data breach cost
Credit: Thinkstock
Public disclosure

If people are no longer willing to use your services or purchase your product after a large data breach, your bottom line, stock price and company reputation could all be at stake.

data breach cost
Credit: Thinkstock
Class-action lawsuit

If you experience a class-action lawsuit as the result of a data breach, the cost will clearly be driven up. It also means that the breach that occurred was significant—i.e., many records were compromised and customers were put in some kind of very difficult situation.

data breach cost
Credit: Thinkstock
Sales or mergers

The cost here could simply be the value of the business itself if you’re in the process of an M&A deal. For example, after the massive Yahoo breach, the value of the company is now in flux. Verizon is still assessing the valuation of Yahoo and determining if it is going to follow through with the deal.

RELATED: How to prepare for a data breach