The True Cost of a Data Breach to Your Small or Medium-Sized Business

You may have heard a number of horror stories about data breaches. A recent report stated that, on average, companies stand to lose up to $7.01 Million due to replacing technology, customer turnaround, loss of productivity while the systems are down, and labor to diagnose and resolve the problem.

Depending on the size of your company, and the amount of earnings your organization makes will determine how devastating a data breach can be to your revenue.

Although there are very few stats that are published about small businesses, the following 9 costs related to a data breach should give you a better idea of where you stand if a crisis situation were to arise for your business. After reading this report, you will have a better understanding of how fast the cost of a data breach can add up.

Below are the 9 main areas where you will see an immediate monetary loss in the event of a data breach.

Loss #1: Network Analysis

The moment you think that your system has been breached, there’s a lot of research involved to figure out if it was a real breach, as well as the extent of the breach. You must determine exactly how much information has been lost or stolen, and what information was sensitive and should be taken seriously.

At this point you will require a “Digital Forensic Examination” which takes a very long time. It also requires someone with a very specific skillset. This will typically cost you $400 to $600 per hour.

Loss #2: Outsourcing

Usually business owners will decide to bring in a cybersecurity expert after they’ve experienced a breach. At this point you will need to fix your weakened network and implement new safety measures to guarantee a breach doesn't happen again. This “Reactive” approach to IT security will typically cost between $4,400 and $19,400.

Loss #3: Customer Support

In many states, companies are legally obligated to pay for their customers’ credit monitoring for one year after a breach has occurred. There’s a good chance that your customers will experience a data breach of their own if sensitive information has been lost.

This will typically cost between $120 and $250 per customer for one year. Depending on the type of business you have, that can add up fast.

Loss #4: Customer Call Center

Although this isn’t required, after a breach you will be bombarded with calls from all of your current and previous customers. They will want to know exactly what information has been breached and how they can protect themselves.

By providing a phone number that is directed to a call center, you can get back to fixing and maintaining your business.

Loss #5: Professional Legal Support

It’s vital that you consult legal support in the event of a breach. You must find out what your next steps are to protect you and your business from potential lawsuits, and how you should report the incident. In many states, you are required to report the breach to the Attorney General if more than 500 records have been stolen or lost.

Loss #6: Employee Time

Every time a business has a data breach they lose countless hours of employee productivity. This is extremely stressful because time is money, and everyone is rushing to get the network back up as fast as possible. Even something as simple as notifying customers of the breach takes an enormous amount of time.

Loss #7: Customers Run for the Hills

There will be quite a few customers who will leave your company after a data breach. Fair or not, you will be considered unprofessional by a select few. It’s the price that you must pay for not being proactive.

Loss #8: Your Competitors Win

If you were about to close a deal with a few new customers, you’ll find that they’ll suddenly stop returning your phone calls. This is because they view your company as too risky after a breach, and will choose a competitor who hasn’t suffered such an unfortunate mishap.

Loss #9: A Tarnished Reputation

There really is such a thing as “Bad Press”, and it’s the kind of press you'll get after a data breach. There will be (what seems like) endless conversations surrounding your breach. From Yelp to word-of-mouth, people will be talking about your unfortunate circumstance.

I know we’ve always been told that all publicity is good publicity, but that’s just not the case during a data breach. The reputation that you’ve worked so hard to maintain will be instantly demolished.

Some of The Biggest Data Breaches in 2016

Even the largest companies are vulnerable to breaches.  Larger enterprises have much more data, and tend to be a bigger target for hackers because of how much data they have.  The site blog keeps a list of the largest data breaches which took place in 2016.


On January 25, 2016 the FACC, an Austrian-based aerospace parts manufacturer who builds parts for clients like Airbus and Boeing, announced that they were hacked.  The criminals seemed to ignore the companies intellectual property, opting instead to steal $54.4 million dollars.

University of Central Florida

On February 8, 2016 the University of Central Florida  announced a data breach that affected approximately 63’000 current and past students, employee’s, and other staff.

U.S. Department of Justice

On February 29, 2016 it was reported by CNN that hackers released data on 10’000 Department of Homeland Security employees one day, and then released data on 20’000 FBI employees the following day.

Verizon Enterprise Solutions

March 25, 2016 A division made for providing IT services and data breach assistance to businesses and government agencies around the world, Verizon Enterprise Solutions, was itself breached by hackers who stole the information of nearly 1.5 million customers.

MedStar Health Inc.

On March 30, 2016 The FBI investigated a computer virus that paralyzed MedStar Health-operated hospitals in Maryland and Washington.  Officials are trying to determine whether the virus was ransomware, which holds a company’s data ‘hostage’ until a specific dollar amount is paid.

More Data Breaches Expected

Experian’s annual Data Breach Forecast  is a great insight for cyber and risk analyses professionals, especially in the healthcare industry reports Dominic Paluzzi, a cyber security expert for, and shows that 2017 will see an even further uptick in cybercrime.

The Takeaway

As a small or medium sized business owner, a data breach can “kill” your business. The cost associated with a breach is often too much to recover from. The handful of clients you have may dwindle down to about 50%, and the remaining half will lose faith in your abilities.