We see figures thrown around often about the cost of a breach to a business. One estimate for an overall average cost of a breach to a small business is $85,500. Another estimates the average cost per record at $217. These figures are great to wake someone up to the overall impact of cyber security threats, but it’s not personal. How do we understand the impact to an individual business? That’s much harder.
Tailored cost estimates are rarely built because of the difficulty. Larger businesses are very complex and it’s difficult to accurately represent all the variables. Smaller businesses are attempting to handle security in-house and don’t have the skillset to measure or are secured by an external business that cannot create the numerous estimates for all cases in every customer.
In the most basic form, those cost estimates are just dollar values based on the loss of revenue and productivity from the different threats that are common to the business. Simple, right? Not impossible, but not easy.
First, you need to understand the threats facing your business and the method they typically use to attack others like you. Once you understand those, you can build models of downtime and lost productivity in your business to better understand the dollar value of different types of breaches on your business. You’ll have several numbers because you won’t just have one threat against your business.
As an example, let’s look at ransomware. What should we consider?
- Is the ransomed information vital to business operations?
- If it is, how long can you operate without it?
- If you need it immediately and regularly, how long will it take to recover it?
- Will you pay the ransom and hope for the best?
- Do you have a backup that can be restored?
- How long ago was the last backup and how much recent data will need to be recreated?
- How long will it take until the backup is fully restored and ready to use?
- Will you just wing it and try to operate without or attempt to recreate the information from other means?
Each of these questions steps through the response and recovery process, giving you insight into how you handle the crisis. Each will also give you approximate values of resources used to recover. Some will be in direct cost, others in easily measurable downtime, but some in long-term lost of efficiency and operational cost increases.
But the key to this short line of questions on a single threat in a single business is that it gives you customized values so that you can make decisions on how to best secure your company. And hard data is always better than fuzzy gut feeling when it comes to business decisions.
Would you like some help finding costs of a breach for your company?
Visit our services page to see how we can help
Contact us today for a free and confidential consultation.