A data breach is one of the highest-rated threats to organizations, according to the Business Continuity Institute’s 2017 Horizon Scan report. In December 2018 alone, the National Aeronautics and Space Administration (NASA) disclosed a data breach dating back to October that involved its employees’ personal data. Popular social networking site Facebook also admitted in September that a feature in the site’s code was exploited to gain access to the accounts of nearly 50 million users of the platform.
While NASA and Facebook’s business processes weren’t interrupted, their employees’ personal information and details, including social security numbers, were compromised. What’s even more worrisome is that these are huge organizations with some of the tightest security measures in place, yet their servers still got hacked. What are the odds, then, for small businesses?
The Cost of Data Breach
In October 2018, IBM, together with the research center Ponemon Institute, released the report 2018 Cost of Data Breach Study: Impact of Business Continuity Management. This study quantifies the financial and reputational value for organizations of investing in business continuity management programs before a breach.
After examining the data breach cases of 477 organizations from 13 countries, IBM and Ponemon Institute found that the average cost of a data breach was $157 per stolen record, with an average total cost of $4.24 million. The likelihood of having recurring data breaches over the next 2 years is 32.3 percent. Also, 78 percent of companies had their business operations disrupted.
With a business continuity management (BCM) program, these numbers go down significantly. The report found that the average cost of a data breach per stolen record went down to $139, with the average total cost at $3.55 million. The chances of recurring data breaches also went down to 23.4 percent, and only 56 percent of companies experienced business operation disruption after involving BCM in advance of a data breach.
The 3 Ms of Business Continuity Management
According to Forbes, the best way for a business to avoid being breached is to make itself a harder target and to know what to do when it becomes one anyway. You can do this by following the three Ms: minimize, monitor, and manage.
The first M is about minimizing the risk of exposure. This means you have to take preemptive measures and beef up your business’s security rather than wait until it’s breached. These measures include educating employees about security risks and how not to fall victim to such threats, giving access to important databases only to the people who need it, and choosing the right technology for your type of business.
The second M is about monitoring your security. This means you cannot be lax once you’ve installed security measures. You have to test your security system periodically to ensure that it’s still working. You should also install security updates as soon as they roll out to make sure your system is performing at its best.
Finally, you should immediately manage the damage that a data breach can bring upon your organization. This includes checking for cyber liability insurance plans that cover most, if not all, costs of a data breach. You must also have a plan in place for how you’ll deal with the aftermath of a breach, including dealing with affected customers, employees, and any other individuals involved.
A data breach can wreak unimaginable havoc on organizations and it can severely disrupt business processes. Apart from the inconvenience, the financial strain from a breach can be unbearable, especially for small businesses. Being proactive in your planning and security safeguards your business and increases your chances of avoiding the myriad problems that a data breach brings.