The Actual Costs of a Data Breach in 2021

June 15, 2021

2020 was a banner year for cyber criminals. As the coronavirus halted normal business operations across industries, shifts to remote work environments and a growing reliance on digital communication resulted in significant risk exposures for businesses of every size and type. Cyber criminals were successful in penetrating corporate and government computer systems around the world. The costs associated with a single criminal data breach can be staggering—and those costs are expected to increase in 2021. Without the protection of cyber insurance, business owners face out of pocket expenses that can negatively impact operations. 

Data Breaches: An Overview

Cybercrime can take many forms. In some cases, criminals will gain unauthorized access to computer systems and steal data. In other attacks, sensitive personal information and business data will be held hostage, only to be released after a ransom is paid to the criminals. No matter the type of cyber attack, business owners have experienced substantial financial impacts. In a single attack on a Canadian financial services firm, the company was forced to spend about $53 million to recover stolen information. A European manufacturing firm faced costs as high as $75 million for a cyber attack that crippled operations.

According to a report compiled by IBM and the Ponemon Institute, the average cost associated with a data breach was nearly $4 million in 2020. In the United States, the average cost is even higher, approaching $8 million. While cyber insurance serves to recoup many of the costs faced in the wake of a criminal data breach, preventing attacks from occurring in the first place is a powerful risk management approach.

Four Categories of Financial Loss

In the wake of a data breach or ransomware attack, business owners may be on the hook for hundreds of thousands or even millions of dollars in unexpected expenses. Monetary losses associated with cybercrimes fall into four broad categories:

Detection: Costs resulting from identifying and reporting a cyber attack as well as the expenses arising from audits, investigation, and mitigation.

Notification: Costs associated with informing customers and stakeholders of a cyber attack.

Response: Expenses that arises from the company’s response to an attack, including beefing up computer security, additional monitoring of computer systems, and providing affected customers with legal advice, credit monitoring services, and even discounts. 

Business losses: Cybercrime often interrupts business operations, resulting in significant expenses. Lost revenue is only one of many potential effects of a data breach.

The role of cyber insurance in protecting businesses from financial hardships after a data breach cannot be overstated. This insurance provides reimbursement for many of the expenses associated with cybercrime and offers a blanket of liability protection for business owners.

Hidden Costs Associated with Data Breaches

Lost revenue and the expenses associated with recovering data after a cyber crime are well known to business owners. Data breaches often come with a wide range of hidden costs, however, and these costs can strain even the most comprehensive cyber insurance policy. Hidden costs associated with a data breach include:

• Legal liabilities
• Forensic data recovery
• Supply chain interruptions
• Reputational harm
• Intellectual property theft
• Lost control over critical business infrastructure and networks
• Increases in cyber insurance premiums after a cyber attack

In many cases, business owners discover that calculating hidden costs or intangible losses is difficult at best. Simply determining what is lost and how much it costs adds even more expense to the equation, as many companies hire third-party cyber security professionals to conduct valuation and damage analysis in the wake of a data breach. Cyber criminals continue to target healthcare operations, financial services firms, and government entities even as world economies recover post-pandemic. It is clear that cyber insurance is an essential risk management tool in 2021 and beyond. ◼