Data Breaches Cost How Much?
Data breaches are one of those things where we know they are bad but do we know what their real cost is?
IBM and the Ponemon Institute have an answer: $3.86 million is the average cost of a data breach. Now, this number could be high because of much more significant data breaches getting a lot of attention and are easier to identify. But, I would wager that there are a lot of smaller data breaches which do get publicized a) because they are small, and b) because they are not identified as a breach.
“While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services, in a statement. “The truth is there are many hidden expenses which must be taken into account, such as reputation damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
Data Breach Conversations with Customers
It may be uncomfortable, but MSPs should be having data breach conversations with customers. These discussions should include the following:
- Data breach awareness
- Procedures in the event of a breach
- Involvement of the MSP in handling breaches
Data breaches are one of those unique areas where the MSP can only do so much. At some point, the customer must become involved and participate in their survival. What cannot happen is the customer think that an MSP will indemnify them against all "tech" problems, which include data breach incidents.
Breaches Impact Everyone
Data breaches affect all organizations, regardless of whether they are regulated or not.
There are now vast geographic areas, encompassing North America (the US and Canada), and European Union member states where data breach notification is a requirement. Companies (and their MSPs) may have a duty to disclose IT breaches in certain circumstances in these areas, and this is only going to continue to expand.
While this may seem very daunting to some of you, it is excellent news. MSPs should see this as a tremendous opportunity to interact with their customers and work with them to develop a plan to safeguard their data.
Better to have this conversation with them than have your customer become another data breach statistic.