Calculating The True Cost of a Security Breach

Overcoming Complacency: 10 Cybersecurity Tips that Will Get Your Staff’s Attention
November 14, 2018

The recent Facebook security breach should underscore the need for companies to protect both their own data and that of their users and customers. It is clearer than ever that whatever time and money may be involved in ensuring that data is secure, the potential loss of both in the event of a breach is far greater. What is the actual cost of a security breach?

The Nature of a Security Breach

In the most general terms, a security or data breach is the unintentional disclosure of sensitive data; this can be anything from customer financial records and personal user data to company secrets and intellectual property.

A security breach is often the result of a deliberate cyber-attack by one or more malicious individuals. It can also occur through simple negligence on the part of a company in observing proper precautions and procedures in storing or disposing of data, as appears to have been the case with the PumpUp data breach earlier this year.

Whatever the cause, and whatever the kind of data involved, it’s clear that these incidents can be very costly. But costly in what way? And what are the precise sources of financial loss? What is the true cost of a security breach?


A common consequence of a security breach is that the target company’s online presence is temporarily disrupted. In some cases, the whole point of the breach is to cause such a disruption.

In this digital age, companies cannot afford to be disconnected even for a moment; this is true even of companies whose products or services are not primarily delivered through the Internet. Statistics suggest that just one minute of network downtime costs companies an average of $5,600.

Man Hours

This is a relatively straightforward cost to calculate. It’s simple: when a company experiences a security breach, that means its systems have been compromised and/or that the breach exploited flaws that were already there. Either way, the problem needs to be addressed, and companies cannot afford to rely on regularly scheduled hours to do so.

Issues caused by the security breach, or which made the breach possible in the first place, need to be fixed as quickly as possible. Not only does this enable the continuance of normal business operations, but it also prevents any more breaches from occurring by the same means. This translates to one thing: overtime. Depending on the severity of the breach and the nature of the data involved, it could mean a lot of overtime.


Various regulatory bodies are concerned with data protection, as they should be: customers and users trust companies with a lot of sensitive information, and it is the responsibility of those companies to keep that information from falling into the wrong hands.

One of the strongest enforcement tools available to regulators is the levying of fines against companies that prove unable to keep sensitive data secure. The size of these fines can be staggering: the recent Facebook breach could cost the company $1.63 billion in the form of a fine from Europe’s largest privacy regulator, the Data Protection Commission.


The greatest cost of a security breach, especially in the long term, is the cost entailed by the loss of trust from customers and users, not to mention investors. When customers sign up for a service or place an online order with a company, they trust that company to keep their sensitive financial and personal information safe. And investors trust the company not to do anything to upset its customers or users.

The Facebook data breach put the data of 50 million users at risk. That’s a lot of people who will think twice about using Facebook again. Were a significant competitor to come along at this moment, it is not inconceivable that they could siphon off a sizeable portion of Facebook’s user base.

There’s also the fact that Facebook’s stock dropped by 3.4% after the breach, and may well continue to drop in the aftermath. The loss of trust in a company, therefore, represents a significant tangible financial loss.

Invest in Security Today to Prevent Greater Costs Tomorrow

The true cost of a security breach is all of the above, added up together. There’s a reason that a significant number of companies that experience breaches go bankrupt within a few years.

The smartest investment a company can make is in its own data security. Ensuring that there are no flaws within a system that could be exploited in order to expose sensitive data — or, if there are such flaws, ensuring that they are swiftly and adequately addressed — is the surest way for a company to avoid the incredible costs that can accrue from a security breach.

It may seem like a significant expenditure of time and capital, but that’s nothing compared to what a company could end up paying.

Leave a Reply

Your email address will not be published. Required fields are marked *