When discussing data breaches, it’s common to only refer to the data or “records” that were exposed. However, there is also a very real monetary cost to any data breach which is not always considered.
Why Do Data Breaches Happen?
There are three main categories of data breach causes: human error, malicious attack, and system glitches.
Thanks to the recent IBM Security report on the costs of data breaches, we can see that the technology itself is rarely to blame. 75% of the time, it’s the person using the technology that’s at fault, either through human error or some form of malicious attack.
Calculating the Cost of Data Breaches
There are many factors to consider when trying to calculate how much a data breach is likely to cost, but fundamentally we can break it down into four key areas:
On top of those key points, there are a couple of other factors we can take into account. For example, the cost per record varies by country and industry.
Then there’s the type of data itself. Customer PII (personally identifiable information) is the costliest and by far the most compromised type of data.
But across the board, we can see the average cost per record for small to large data breaches clocks in at an unnerving £109.
Recent Data Breaches and How Much They Cost
Here’s a look at some of the bigger data breaches we’ve seen since 2020, and how much they’ve cost the companies involved.
Facebook, April 03, 2021
533 million Records
Estimated cost: £2.7 billion
Type of data exposed: phone numbers, dates of birth, locations (inc. historic data), full names, some email addresses.
In early April 2021, the personal information of more than half a billion Facebook users was leaked. The data had been scraped by exploiting a vulnerability in a now-disabled feature. Facebook declined to notify impacted users (potentially as a cost-saving exercise, as we know that notification and ex-post response are two of the key areas).
Microsoft, January 22, 2020
250 million Records
Estimated cost: £1.3 billion
Type of data exposed: email addresses, IP addresses, chat logs.
2020 had hardly started before Microsoft announced a major breach. While they didn’t give figures, estimates peg the exposed record count at 250 million. Those records contained email and IP addresses, as well as chat logs between support staff and customers. Microsoft admitted this breach was the result of a “misconfiguration of an internal customer support database”.
EasyJet, May 12, 2020
9 million Records
Estimated cost: £37 million
Type of data exposed: credit and debit cards
In May 2020, EasyJet announced 9 million customer records had been accessed in what they described as a highly sophisticated cyber-attack. The attack, which involved credit card data, came at a bad time for EasyJet, as the pandemic’s impact was starting to take hold. It also led to 10,000 people joining a lawsuit against EasyJet. Depending on the outcome of this case, the £37 million estimate may move into the billions, as each of the victims may be entitled to £2,000.
Marriott, March 31, 2020
5.2 million Records
Estimated cost: £37 million
Type of data exposed: names, addresses, some phone numbers and emails
Marriott hotel revealed 5.2 million guests had had their data exposed after hackers obtained the login details of two employees. This was on top of an earlier breach in 2018 when one of Marriott’s subsidiaries was hacked, revealing millions of unencrypted passport numbers and credit card records.
What Can Your Business do to Mitigate the Impact?
No business, whatever its size, is immune to a data breach. Be it carelessness or malicious intent, when you have people interacting with machines, there will always be weak spots. There is also an abundance of people willing and able to exploit those weak spots.
It’s not all doom and gloom, though, because there are plenty of things that your business can start doing right away to reduce the likelihood of a data breach.