What Is Cybersecurity Cost vs. Average Cost of a Data Breach?

Small and midsized businesses (SMBs) represent more than 40% of the total cyberattack target landscape. Yet, very few small businesses have an appropriate cybersecurity budget. Unless their business is a tech company, small and midsized business owners are so focused on driving their business’s day-to-day operations that they fail to focus enough on their cybersecurity risks. Then they’re blindsided by an attack and must scramble to address the threat after the fact. Unfortunately, the average cost of a data breach is more than $200,000, and as a result, many companies go out of business after a cyberattack.

To make matters worse, the increase in ransomware attacks has made it difficult to calculate the costs of an attack because you never know how much ransom the hackers will demand and how long businesses will take to pay it. The FBI warns, “The best insurance against a cyberattack is never to have one.” Having an offsite, tested data backup helps protect you from having to pay a ransom to get your data back.

Q: Why is it important for small businesses to invest in cyber defense, even with a limited cybersecurity budget?

A: Small businesses often operate on tight budgets and may see cybersecurity costs as a non-essential expense. However, the cost of implementing even basic cybersecurity for companies, such as firewalls, antivirus software, employee training and secure backups, is usually far less than the financial and reputational damage and ongoing liability caused by a cyberattack. A small upfront investment in cybersecurity can prevent significant losses and downtime later.

What Is the Average Cost of a Data Breach?

Cybercrimes have increased by more than 400%, and cybersecurity budget or not, hybrid and remote-access work has forced SMBs to take a closer look at more effective ways to lock down their business networks and protect employee and client data. Small businesses must now realize that inadequate cybersecurity makes them “low-hanging fruit” for hackers.

All businesses store private, sensitive data. Employee data, proprietary data, accounting, tax and bank documents are all potential cybersecurity risks – and what cybercriminals look for. Would you be able to complete payroll and taxes if you did not have access to your data or financial accounts? What about access to other essential data such as bids and contracts? Criminals steal this data to resell, hold for ransom or exploit directly.

Also, data related to the other companies you do business with could be compromised. Unless appropriate layers of security are in place, cybercriminals will recognize an SMB’s vulnerabilities and plan their attacks accordingly. Additionally, any device that’s part of your wireless network (cell phones, laptops, tablets, smart devices, etc.) presents a possible entry point for cybercriminals.

With employees working from home, at airports, train stations and anywhere they can get a WiFi signal, every connected device they use presents a cybersecurity risk. Hackers count on users ignoring security protocols and using unsecured public WiFi connections, which constitute a significant source of SMB data breaches. Can your small or midsized company afford a breach of its private data?

Q: What are the typical financial consequences of a cyberattack on a small business?

A: When a small business is hacked, it can face direct costs such as data recovery, legal fees, regulatory fines and ransom payments, if ransomware is involved. Indirect costs may include lost business, reputational damage and customer attrition. According to various studies, the average cost of a data breach for a small business can range from $120,000 to over $200,000, amounts that could shut down many small operations permanently.

Case Study: Growth Gone Bad

A small, multi-office medical practice on Long Island, N.Y., grew from a one-office, family practice to a six-office general practice. The growth of the practice far exceeded the expectations of the founding physicians. However, as the company grew, the medical partners didn’t address their need for expanded cybersecurity measures.

Many office visits were transitioned to televisits, and many of the administrative and clinical staff could work from home. Nobody considered the array of cyber threats posed by the expanded remote access workforce. The office manager had many distractions around the house.

Distracted by a delivery at her front door, the office manager clicked on an attachment to an email that she mistakenly considered to have come from a trusted source. Within the hour, the practice’s network was attacked by malware, and before anyone noticed, the attack had spread systemwide. By the following morning, every employee found frozen office computers, blocked logins and numerous alerts from the limited cybersecurity that had been in place.

IT professionals intervened by the end of the next day. Even though the experts could isolate and secure the threat, it cost the practice significant downtime and money to restore the systems, clear malware and add layers of security to protect against future attacks.

Q: What long-term impacts can a cyberattack have on a small business’s survival and growth?

A: Beyond the immediate financial loss, a cyberattack can damage client trust, which is hard to rebuild. Clients and patients may take their business elsewhere, fearing their personal data isn’t safe. Additionally, recovering from a breach can stall growth, strain employee morale and require costly legal or regulatory compliance efforts or fines and additional scrutiny. Adequately funding your cybersecurity budget helps ensure the long-term viability and reputation of the business.

What Is the Best Cybersecurity for Companies?

Don’t wait for a cyberattack to handle your network’s cyber defenses. Businesses are constantly adding new connected devices, and each one is a potential vulnerability. Every device you add to your business network widens the landscape for hackers to attack, which is why it’s essential to hire professional cybersecurity services to perform a thorough cyber risk analysis of your system and help ensure you have appropriate protections in place.

IT security firms are an expense, but recovering from a breach on a poorly protected network costs far more and can impact operations and productivity for many years after a breach. Cyber defense companies can train your staff on cybersecurity best practices and offer a variety of solutions to meet a wide range of compliance needs. It’s worth adding an ongoing network defense plan to your cybersecurity budget. Connect with us if you are located in the greater New York City area, or find a local cybersecurity firm to get started on affordable managed services for small and midsized businesses.