Data loss is a serious concern for many businesses. You can completely lose access to your data if it’s been corrupted, destroyed, or deleted. Sometimes data loss happens because of hardware failure. But it can also be the result of malware (malicious software), or a data breach from a cybersecurity attack.
Awareness around cybercrime and cyber insecurity is on the rise; it’s ranked #8 in the global risk forecast for the next 10 years.[1] With more of our lives happening online than ever—and cybercriminals getting more sophisticated all the time—it’s extremely important to take action and protect yourself and your business against potential cyber threats.
Backing up your data to encrypted hard drives or flash drives provides a backup copy in the event of data loss. It gives you an easy way to recover your files if your computer system is compromised. And in the event you lose your drive, the encryption keeps would-be cybercriminals from being able to access your sensitive data.
For business owners, large and small, protecting your business data is crucial to success and longevity. In this post, we go over important data loss statistics and ways you can start securing your business today.
Data Loss from Breaches Is a Rising Problem
The alarming rise in cybercrime puts companies at significant risk, particularly with the threat of permanent data loss or lost access to data due to ransomware. Between 2013 and 2022, numbers have more than tripled for data breaches, showing just how pervasive the problem is.[2] Even more disturbing is the fact that in the initial nine months of 2023, there was a nearly 20% rise in the number of data breaches in the U.S. compared to the entirety of 2022.[2]
The concern doesn’t stop at data breaches. In the first three quarters of 2023 alone, there was an almost 70% surge in the number of ransomware attacks compared to the same period in 2022, leaving companies more vulnerable than ever to cybercriminals holding their sensitive information hostage.[2]
While data breaches might not seem as horrible as ransomware attacks, they still can compromise your data. If measures aren’t taken to re-secure your system, breaches leave you open to current and future threats and attacks. The data breach statistics aren’t great either since 29% of data breaches do lead to data loss.[3]
The Business Consequences of Data Loss
Data loss is a serious problem for businesses. It’s not just access to important information you’re losing—it often means lost money and valuable time, too, through compromising important relationships, leaking financial details, and creating system errors that slow or stop your operations.
Here’s what the potential consequences could look like.
Lost Money
The global average that businesses lost from data breaches in 2023 was $4.45 million dollars—that’s an increase of 15.3% from 2020.[4] The money they lose comes from a variety of sources that directly or indirectly impact the business, including[5]:
- Hiring a response team: Following a security breach, businesses usually have to hire a specialized response team of forensic investigators and legal counsel. Forensic investigators work to understand the nature and extent of the breach, identifying how it occurred and which data has been affected, while legal counsel guides the business through any potential legal implications and helps navigate regulatory compliance requirements. Engaging this expertise comes at a significant cost, with the average forensic investigation expense following a cybersecurity incident amounting to around $58,009.[6]
- Fixing vulnerabilities: Once you have a sense of how the breach happened, you’ll have to identify and secure any existing vulnerabilities in your system. This means looking into your service provider and network segmentation. If you find faults with either of these, you might need to switch providers or redesign your system, which can be not only time consuming but also costly.
- Being unable to operate: How long a breach puts your business on ice depends on things like the nature of the attack, your business size, and your industry. But even the smallest incident causes some amount of downtime and creates extra work for you and your team. Not being able to go about business as usual can take a huge chunk out of your revenue—IT leaders in large companies report that downtime can cost as much as $1,467 per minute.[7]
- Opportunity loss on price margins: As with most unexpected expenses, the cost of data breaches often gets passed on to the customer. A recent IBM report found that data breaches resulted in price increases of business offerings to a little over half of respondents.[4] If you have to raise prices to cover the cost of the breach, your profit margin doesn’t change.
- Fines and settlement fees: Laws vary by state, but depending on the type of data that was compromised, you might face significant fines and penalties. One of the most expensive examples was a $5 billion fine issued to Facebook by the FTC after the Cambridge Analytica scandal. Companies may also suffer costly lawsuits from affected parties, like customers and stakeholders.[8]
- Losing customers and reducing brand image: One of the worst consequences of any data breach is the loss of customer trust. Almost nothing can hurt your reputation more than compromising customers’ personal data, whether it’s the result of your own actions or a hacker’s. IBM’s report found that companies suffered lost business costs to the tune of 1.3 million in 2023. These costs include revenue lost due to putting your business on pause, losing current and potential customers, and damage to your business’s reputation.[4]
Again, the exact cost to your business will vary depending on the severity of the incident, your company size, your industry, and so on—but the fact remains that, even under the best circumstances, you will lose something of value.
The cost of a breach may come from a variety of sources, but the data is a driving factor for the total cost. Overall, the higher the number of records lost as a result of a data breach, the more money a business spends to recover from the loss.
Here’s an overview of how the average cost of a data breach increases with the increase in records lost:[4]
- 1–10 million records lost spent $36 million.
- 10–20 million records lost spent $166 million.
- 20–30 million records lost spent $225 million.
- 30–40 million records lost spent $304 million.
- 40–50 million records lost spent $328 million.
- 50–60 million records lost spent $332 million.
Lost Time
If your business is victimized by a cybercrime, all your time and attention immediately goes to containing that emergency. Instead of focusing on your day-to-day tasks to take care of the business needs, you’ll have to focus on figuring out how to recover from a breach, including:
- Time to identify and contain the threat: The time it takes to clear up the breach and secure your system is time away from doing business. According to IBM, it typically took businesses 204 days to identify a breach and an additional 73 days before containing it.[4] This is up from 2017, when businesses spent 191 days on average identifying breaches and then 66 days before containing them.[4]
- Employee downtime: Dealing with lost or restricted data means your employees are unable to do their jobs. As many as 33% of companies hit by a ransomware attack had to temporarily halt business.[9]
- Sending breach notifications: Your company has to notify anyone affected by the breach that their personal information was compromised. Laws vary depending on the information involved and the industry you’re in. For example, if healthcare information was compromised, you have to notify affected parties within 60 days. Tracking down whose information was compromised would be a lengthy process.[10]
- Navigating lawsuits: Customers and other affected parties whose personally identifiable information (PII) was accessed might bring lawsuits against you, which can turn into lengthy legal disputes.
Being prepared with data protection measures in place not only helps reduce the time it takes to recover from breaches, but also reduces the money spent when a breach occurs.
Small Businesses Face Greater Risk of Cyberattack
You may only think of cyberattacks as happening to data centers and other deep wells filled with information. But data breaches hurt companies of any size in any industry, and small businesses are hurt the most. If you’re already starting with fewer resources, the costs of recovery absorb a much bigger portion of your personnel, time, money, and effort.
Cybercriminals also target small businesses more—as much as 350% more, in social engineering attacks—because they assume smaller companies have fewer security measures in place and less incident response training.[11]
The massive cost of a cyberattack might even drive a small company out of business. In 2023, companies with fewer than 500 employees reported paying $3.31 million due to data breaches, a 13.4% increase from 2022, $2.92 million.[4]
Compare that to what small businesses actually generate in profits. Businesses with 1 to 19 employees only earn $1 to $2 million in average annual revenue, while those with 20 to 99 employees average $7 million. Companies with 100 to 499, on the other hand, average nearly $41 million.[12]
These statistics underscore just how vulnerable small businesses are to cybercrime. Taking preventative measures to increase data security now helps your business avoid the worst potential data breach costs, especially if you’re operating in a highly targeted industry like healthcare, financial services, or tech.
Backing Up Data Minimizes Loss From Ransomware
Ransomware attacks are what they sound like—hackers gain unauthorized access to your data and “hold it hostage” with encryption, demanding a ransom from your company for the decryption keys. It’s the largest cause of loss for small to medium enterprise businesses (SMEs), averaging $334,000 per incident.[13]
Unfortunately, the ransom demands are often scams too. Even if you pay, your chances of getting all the data back are low. Most businesses that pay the ransom only get about 65% of their encrypted files released, leaving a lot of data (and money) lost.[14]
The average time to recover from attacks and the average ransom payment are both increasing. For example, in the restaurant and hospitality industry, recovery time nearly doubled from 2021 to 2022 (7.8 days to 14.9 days), and the average ransom payment was $600,688.[6]
But statistics also point to the value of backup solutions for data recovery from these events. In 2021, 57% of victims who experienced a ransomware attack were able to use backups to get their data back.[14] Another study found that, in 2022, an organization was able to partially or fully restore data from a backup 85% of the time without paying a ransom at all.[6]
If you’re in need of a reliable backup system or solution, look no further than Secure Data’s encrypted data storage. Our expert data backup practices can help you recover from software failure to corrupt files.
Cloud Data Security Is Essential
Cloud storage is an unavoidable and extremely commonplace business practice, and it’s not hard to see why—the cloud is pretty much unparalleled for its convenience.[15] But did you know that cloud-based systems are a top target for cybercriminals?
In 2023, data stored in the cloud saw more than 80% of data breaches.[2] Additionally, 38% of SaaS and cloud-based storage apps were identified as top targets for cyberattacks.[16] Criminals are also exploiting OS vulnerabilities, resulting in data loss 36% of the time.[17]
While it can be difficult to operate without the cloud, make sure to encrypt and back up your data to protect yourself. An offline backup, like a Secure Data secure drive, provides a comprehensive copy of your data that isn’t attached to the cloud, so it can’t be touched by cyberattacks against your company or your service provider. It’s also safe from risks like accidental deletions or service outages.
Employee Training Can Reduce Incidents
On top of the fallibility of tech, there’s also a human error element to lost data. According to the Verizon 2023 Data Breach Investigations Report, of all breaches, 74% involve company personnel “via error, privilege misuse, use of stolen credentials, or social engineering.”[18] Data lost accidentally, such as by stolen company devices or lost devices, cost businesses $4.46 million in 2023.[4]
Whether it’s from an accident, negligence, or maliciousness, employee involvement in data insecurity is a growing concern. It can happen from a variety of gaps and threats, like using insecure networks, poor password management, phishing emails, intentional theft—the list goes on.
In most cases, lack of visibility and control on part of the company is the common denominator. A data breach report by Varonis focusing on the financial services sector found that two-thirds of companies have 1,000-plus sensitive files open to every employee and about 60% of companies have passwords that never expire.[19] That’s leaving the door open for accidents to happen—or bad actors to take advantage.
That’s why it’s essential to train your staff on data loss prevention and put the right security measures in place. Here’s what you can do:
- Create internal policies for employees to follow: Establish a formal framework of protocols concerning data access, storage, and sharing. This might include setting explicit internet usage guidelines, outlining email policies, and creating a roadmap for incident response.
- Use strong passwords for all internal documents: Secure internal documents by implementing strict password policies. Complex, unique passwords that incorporate a mix of numbers, symbols, and capital and lowercase letters are tougher for scammers to crack.
- Prohibit unauthorized users from document or device access: Set up secure user authentication mechanisms to prevent third parties from accessing your files. Features like multi-factor authentication and role-based access control make it difficult for someone to log in even if they have the credentials, and keep system access limited to the users who have permission. Also, make sure you have a way to quickly deactivate access privileges when an employee leaves the organization.
- Educate employees on phishing: Regular training sessions can help employees identify and avoid falling for phishing attacks. Teach employees about common signs of phishing attempts, such as misspelled emails, suspicious links, and unsolicited requests for personal information.
Prevent Data Loss by Securing Your Business’s Data
Rather than waiting for data loss or a data breach to happen to you, you can prepare now, before your data is lost forever. Here’s what the FBI says to focus on[20]:
- Have secure backups.
- Make employees aware of situations as they happen.
- Properly train employees on how to use, access, and share company data.
- Only give employees access to data when necessary, such as giving them a viewer role instead of an admin role.
Building on the FBI’s advice, here’s our list of best practices to keep your business data safe:
- Train employees. Make sure they’re able to identify potential threats and are well-equipped to deal with cybersecurity events if they come up. Use mandatory security protocols to both protect your staff and weed out weak links who don’t comply.
- Invest in security software. Security programs can constantly scan and assess threats and vulnerabilities in your system, making you aware of compromises and security incidents right when they happen, so you can contain them fast.
- Back up data regularly. Use both offline, encrypted backups like Secure Data’s secure drive as well as encrypted data storage for all your business files.
- Secure networks. Using a secure network makes your digital activities safer and reduces your risk of falling victim to cybercriminals.
- Limit employee access. Employees should only have access to the files and aspects of your system that they need to fulfill their responsibilities. Don’t let them access anything they don’t need, especially if it’s sensitive data.
Organizations that suffered breaches had better luck recovering when they invested time, testing, and planning into internal measures beforehand, saving valuable time and money.
In fact, IBM found that companies saved more when there was a high focus on incident response (IR) planning and testing, saving $1.49 million dollars compared to companies that didn’t consistently focus on that.[4] Additionally, more than half of companies who experienced a breach increased their spending with 50% indicating their investment in IR planning and testing, with employee training as a close second option at 46%.[4]
Secure Your Data Today
Data loss is a terrifying prospect, especially when it wipes away countless years of hard work in one fell swoop. Cybersecurity threats may be on the rise, but you’re not alone in fighting them. From state-of-the-art encryption to recovery services, our experts at Secure Data can assist with your data security needs so you can protect your data before it’s too late.
Sources
- World Economic Forum, "Global Risks Report 2023"
- Apple, “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase”
- Fastly, “Global Security Research Report The race to adapt”
- IBM Security, “Cost of a Data Breach Report 2023”
- FTC, “Data Breach Response: A Guide for Business”
- BakerHostetler, “2023 Data Security Incident Response Report Reassess & Recalibrate Security Measures & Approach”
- Veeam, “2023 Veeam Data Protection Report”
- FTC, “FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook”
- Cybereason, “2022 Ransomware The True Cost to Business A Global Study on Ransomware Business Impact”
- U.S. Department of Health and Human Services, “Breach Notification Rule”
- Barracuda, “Spear Phishing: Top Threats and Trends”
- Zippia, “15+ Average Small Business Revenue + Profit Margin Statistics [2023]”
- NetDiligence®, “Cyber Claims Study 2023 Report”
- Sophos, “The State of Ransomware 2021”
- SBA, “Cloud Storage, Thumb Drive or Disk Drive? Pros and Cons
- Thales, “2023 Data Threat Report”
- Statista, “Most common causes of sensitive information loss in worldwide organizations as of February 2023”
- Verizon, “2023 Data Breach Investigations Report"
- Varonis, “2021 Data Risk Report”
- FBI, “Incidents of Ransomware on the Rise”