Last month, after a successful purchase by Verizon, search engine giant Yahoo revealed that as many as 500 million user accounts had been compromised, resulting in Verizon asking for a $1 billion discount on the $4.5 billion dollar purchase. (The hacker who sold the data, revealing the breach, assured Yahoo that there were “only” 200 million hacked accounts and the data was several years old—some consolation!)
As data hacks become an unfortunate fact of life, too many companies remain focused on immediate costs—remediation and improved security—and perhaps not enough on long-term impacts and strategies to address them.
Small Bytes, Big Bucks
Immediate remediation of a hack can cost a business substantial but manageable sums—anywhere from $170,000 to $4 million, according to figures gathered by Deloitte & Touche. But Deloitte did a further analysis which showed that the long-term effect of a serious hack, like that suffered by Yahoo, can boost those costs an additional 75-95%, depending on what and how it is measured. Deloitte’s analysis estimated the five-year cost of a serious breach at a staggering $1.6 billion when indirect costs were factored in.
Standard estimates consider only direct costs, such as recovery costs, personnel retraining, improved software and hardware, and insurance and immediately lost business. Risk-analysis companies such as Kaspersky argue, correctly, that it is difficult to quantify things like “loss of brand confidence.” Kaspersky’s numbers placed the median cost of a breach at about $4.9 million, damaging enough for an average company.
Think Past Tomorrow
The problem, according to Deloitte, and Rand, which did a similar study, is that such comparatively small numbers give companies little incentive to invest in long-term cyber security strategies against hacking. Yahoo could probably absorb even a $4.9 million data breach, even at the expense of higher insurance premiums. Smaller businesses, with less likelihood of being breached, feel even less urgency to invest in costly solutions.
It appears now that the breach at Yahoo was state-sponsored. Ransomware hacks are becoming more frequent, like assaults by tech-savvy terrorists and cyber-criminals. Businesses can no longer remain complacent that a few dollars to the customers and an extra layer of encryption will do the job. In the long run, a little extra investment in security will save you money piece of mind later on.