Back to overview
05. March 2021

The Real Cost of a Data Breach & The Value of Proactive Breach Management

Over the past decade, cybercrime has steadily risen to take advantage of the increased opportunity. Start taking extra measures to protect its data. If not, the damage could be severe.

Over the past decade, cybercrime has steadily risen to take advantage of the increased opportunity. A report from July claims that significant data breaches were significantly more frequent in 2020, with a 273% rise in just the first three months of the year alone. While we won’t know the full impact until more numbers come in, your organization needs to start taking extra measures to protect its data. If not, the damage could be severe.

How Much Could a Data Breach Cost Your Company?

Ponemon estimates the total bill comes out to nearly $4 million. Nevertheless, each industry and region face different economic variables, with the most expensive breaches stemming from the US healthcare industry. Their average damage was calculated at $6.45 million, compared to a relatively modest amount of $1.29 million for public governmental offices.

So, where do all of those costs come from?

Initial Damage

The Ponemon Institute have collaborated for several years to bring you the Annual Cost of a Data Breach report. This report outlines four key expenses that stem from breaches. The first is related to the initial damage, which they classify as “detection and escalation”.

This phase actually accounts for nearly a third of the total expense. Additional staff may be needed to form part of a response team. Data analysts might have to analyze your entire file system to identify the extent of the breach. Whether you bring in external help or not, this phase is expensive and the damage worsens each day you don’t act.

Aparavi can simplify this phase by making it easier to analyze your files and who has access to them. Since the majority of data breaches occur due to unauthorized access through phishing attacks, you can start your inspection by isolating the files that the phished employee could have had access to. Since you can adjust permissions quickly in Aparavi, it’s also possible to rapidly limit the spread of a breach if you catch it early enough.


The second phase involves notifying customers, regulators, and potentially the press. While this is the lowest contributor to the total cost, it has a significant impact on the costs of other areas. Several data privacy laws impose harsher penalties for failing to report in a timely manner. So the sooner you inform the public, the less likely you are to take damage in the next phase.

Being able to deliver accurate information to authorities is crucial. With Aparavi, you’ll have a much clearer idea of how many records or files were affected, and you can deliver more accurate reports to start the notification process.

Post-Breach Response

Similar to what happens when there is a natural disaster or unexpected tragedy, your business will need to set up a post-breach response unit that can field questions from concerned customers, determine how to shore up your defenses in the future, and deal with regulators.

The Ponemon report also looks at the impact of fines in this phase, since it’s here where regulators are likely to assess fines according to the total extent of the breach. The exact amount of fines you may face depends on which laws apply to your business, the number of records that were lost or stolen, and the level of negligence vs compliance from your organization.

For instance, the GDPR does not consider the number of records in assessing its fines, focusing instead on the type of rule broken, how well the company cooperates with the GDPR, and how preventable the breach was. Either way, the maximum fine could be as high as €20 million, or 4% of the company’s annual global revenue.

Lost Business

Quietly the largest item on the expense list is lost business. Clocking in at about 36% of the total damages, IBM singled this component out as the most difficult to measure and simultaneously the largest expense. Lost business is caused by several factors in the breach management process.

First, there is a significant disruption to regular business activities that leads to a loss in productivity. Systems may have to be taken offline while you analyze them to prevent further theft, which can limit your ability to conduct regular operations. But that’s not where the bleeding stops.

While dealing with a breach, you’re unlikely to lure in new clients who would rather stay away. Furthermore, as word gets out, your company’s reputation takes a serious hit. Customers are more concerned these days about their data, and if individual records were stolen you can expect a loss in sales to follow.

Prevention Saves Money

Just like how preventative medicine is cheaper than medical intervention, protecting your data keeps you from facing the brutal expense of a breach. While breaches are impossible to completely mitigate, using a smart data platform can help to prevent their spread. Good data management practices can limit the damage done in the first place and make diagnosing a breach much easier.

If your data management isn’t ready for cybercrime, then it’s time to consider switching to an industry-leading smart platform. Aparavi can help you manage your data and keep it safe from predators. Talk to Aparavi’s sales team to schedule a Data Audit and see what our platform can do for you.