Contributed by: Mike Gluck on August 27, 2018.

One of the biggest concerns and expenses companies face today is keeping their data safe from outside hacking attacks. Obviously, there is the monetary loss from a data breach, but the damage to a company’s public image and the loss of trust by their clientele can also be a damaging effect of a breach. A benchmark study performed by Ponemon & Accenture estimates breaches cost businesses an average of $11.7 million (US) per year. Other studies show lower numbers, but no matter how you view it, a hack is expensive. The Ponemon study also found that nearly 3 billion records were leaked in publicly disclosed incidents, which threatens the identity information of the clients included in the breach.

Let’s take a look at some of the other factors that affect the cost of a security hack.

Factors That Affect the Cost of a Security Hack

  • Industry
    Investments in cyber security are at an all-time high. Understandably, financial services experience the highest cost of cyber crime. When financial services are hacked, people lose money and those people litigate and also take their money elsewhere to be safeguarded, which increases the cost of a data breach.
  • Location
    Costs vary greatly from country to country. The United States currently spends the greatest amount on security because of the level of technology integration in our society. The United Kingdom, Australia, and Germany follow close behind.
  • Type of Attack
    Malware and web-based service attacks are the most expensive. Ransomware follows close behind and are on the rise more than any other attack. Botnet attacks are usually the least expensive.
  • Dwell Time
    The average time to resolve malicious insider attacks is 50 days. Ransomware attacks take an average of 23 days. The longer it takes to discover and contain, the more expensive recovery will be because the hacker had time to exfiltrate critical data or inflict damage.
  • Systems Affected
    Most types of attacks like malware and keyloggers focus on data theft. Secure data recovery costs can make up the largest portion of monetary outlays after an attack. Others are more dangerous and can impact critical systems. For instance, ransomware can lock down business-critical applications until the ransom is paid to free them for service again.
  • Types of Data Records Obtained
    PII (Personally Identifiable Information), Compliance standards for PCI (credit cards), Health Care (HIPAA), and European (GDPR) have all been violated or compromised by past attacks.
  • Example Cost Breakdown
    87% of businesses were hit by attacks in 2016. Financial services experienced a $336 per record loss and other industries experienced a $225 per record loss. When we talk about millions of records, that adds up to some devastating figures.
  • Hidden Costs
    Data loss is the most obvious cost because of the loss of revenue opportunity. Loss of consumer confidence also impacts possible future revenue. Deloitte examines hidden costs years after the fact. The largest component of the total cost of a data breach is lost business.

Assessments Help Prevent and Reduce Costs of a Breach

The best way to avoid paying for a hack is to not get hacked. Therefore, you must allocate a portion of your budget to prevention. This is where most companies have focused their investment in the past. Now the trend is moving towards securing the application and data layers, also, instead of just focusing solely on the network.


Estimates show organizations spend 31% of their budget on prevention. Investments in security intelligence systems have the biggest ROI because they prevent the attack before it can reach critical systems or data layers. Organizations with a dedicated response team reduce per capita cost of breaches by $26 .

Start with a health check

  • Perform a threat assessment to determine the most likely damaging scenarios that could take place (examples: Ransomware, virus, insider threat, theft).
  • A risk assessment can also discover areas of weakness that would likely fall under attack if a threat comes to fruition and uncover at-risk system components.
  • Early detection is the key. Monitoring & reporting on the existing environment will aid in uncovering weaknesses before a breach can occur.
  • The next steps should be to create technical recommendations based on the outcome of health checks and develop a business continuity plan for a worst-case scenario situation.

What to Do When Disaster Strikes

Cybercriminals are working more efficiently than ever before. No matter how well you plan, it’s still possible for cybercriminals to find a way into your system. Studies show cybercrime detection and recovery account for 55% of total internal activity cost. On average businesses spend 21% on containment and 11% on investigation. Below are some steps to take after the first notification that a breach may have occurred.

  • Contain
    The first step is always containment, because the longer the containment process takes, the more money you will spend.
  • Remediate
    After you contain the incident, it’s time to respond and recover.
  • Assess
    Assess the damage to the company (financial, reputation).
  • Communicate
    Inform stakeholders, employees, and others affected by the damage about the incident, communicate the necessary information to affected parties, and educate the team.

Sanity Solutions can help you best prepare to prevent a security hack, and quickly contain one if it does occur. We offer a variety of services such as security and risk assessments, as well as data protection, backup, and recovery products and services. We can help prevent future hacking attacks or help with the recovery of attacks that have already gotten through. Contact us today to find out how we can keep your critical systems healthy and your important data safe.