Data Breaches Have Hidden Costs – Learn What They Are
Data breaches can result in dire financial repercussions for any organisation that has to deal with sensitive data, whether that be personally identifiable information (PII), personal health information (PHI), payment details, or other similar data. Depending on the number of records compromised, the costs range anywhere from tens of thousands to hundreds of millions of dollars.
The latest Ponemon study, sponsored by IBM and released in July 2018, calculates the full cost of “mega breaches” (involving more than 1 million lost records) to be $350 million. This figure takes into account the more evident cyber incident expenses such as those for technical investigation, customer breach notification and credit monitoring, regulatory fines and litigation services, among many others. The organisation would also have to cover the cost of investing additional resources into network security improvements.
In addition to the more recognisable breach-related expenses, companies also need to account for the hidden costs. These are the ones that may not be immediately evident upon discovery of the cyber attack, but will continue to cause problems for your company in the ensuing weeks, months, or even years. By the time these less visible costs become apparent, enterprises will realise that they could become expensive and harder to manage.
In this post, we name five of the most commonly identified hidden costs of a data breach:
Higher Insurance Premiums
Owing to the slew of data breaches (many of them high-profile) that have taken place over the past few years, cyber security insurers have increased premiums significantly. A recent study released by global professional services firm Aon reveals that US cyber insurance premiums rose by 37 percent in 2017, making it a $1.84 billion business.
While the rise in total premiums signifies that more companies are now recognising the need for cyber liability insurance, it is also indicative of the general increase in insurance premiums. Businesses that previously experienced a publicly disclosed IT security breach were the hardest hit, with some even finding their premiums to have tripled upon renewal.
Costs Related To Operational Disruption
Upon the discovery of a data breach, the enterprise’s immediate incident response tends to focus mainly on investigating the attack and the damage caused. While this takes place, however, there will inevitably be some form of disruption to a company’s normal operations, which then also carries financial consequences. The extent of the disruption and loss will depend on the severity of the damage.
For instance, the business’ e-commerce website could be completely shut down during the investigation to avoid a second wave of attacks. Or, if no external team is hired to perform customer notification tasks, some employees could be withdrawn from their usual jobs to respond to the breach. What’s also certain is that the entire IT department would be occupied, which consequently deprioritises network security and maintenance, and leaves internal customers to fend for themselves.
Loss Of Customer Relationship And Trust
As several studies have shown, it’s common for customers to turn their back on a business that failed to protect their data, and their exit can drastically impact a business. First, costs would be incurred in winning back those customers, or even their trust, perhaps by way of special offers or promotions. Then there’s the lifetime loss of revenue from those clients who leave and never come back.
The enterprise could opt to boost sales and marketing activities to gain new customers, but these would also incur more costs. Furthermore, the data breach will cause inevitable damage to brand equity. In the long run, this could affect your bottom line more than you expect.
Increased Cost To Raise Debt
A successful data breach attack against an enterprise harms not only its public image but, as it turns out, also its creditworthiness in the eyes of financial companies. A concrete example is when department store retailer Target had its credit rating downgraded by S&P from an “A+” to “A” in 2014, months after it suffered a huge data breach.
While smaller-sized companies don’t have to worry about being downgraded by the major credit rating agencies such as S&P, it remains that a breach in your IT security could affect your financial standing in terms of how creditors and banks perceive your business. This could translate to higher interest rates on current loans, and/or more stringent financial requirements for new or additional borrowings.
Continuing Waves Of PR And Legal Expenses
Long after the last customer has been notified and compliance penalties have been paid, legal costs of the data breach may continue to plague the organisation involved. For instance, cases of identity theft (using PII previously stolen in a cyber attack) could still be traced back to the company, even several months or years after the incident.
This could set off new rounds of litigation, adding to the mounting post-breach costs. Further, businesses would also need to spend more on PR management because the stigma of having your customers’ data compromised will remain, even if the buzz over the data breach has since subsided.
The hidden costs of data breaches discussed above are by no means the only ones that your company could encounter. However, knowing that these costs have to be dealt with sooner or later should give you a good idea of what you’re up against in case of a breach. Better still, it can motivate you even more to mitigate network security risks and prevent a cyber attack altogether.