Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
The Costs of a Data Breach for Small Businesses

By István F. Verified by Adam B. Last updated: December 12, 2024

It may sound like science fiction, but if businesses such as Equifax, LastPass and Deloitte (to name just a few) can get hacked, then any business is a potential target. Just to throw in some numbers, in 2016 alone there were 4.2 billion records stolen due to data breaches, and these are only the ones that have been publicly announced by companies.

Beyond the number of records stolen, how much can a data breach cost a business? According to a Ponemon Institute analysis sponsored by IBM, the average total organizational cost of a data breach reached a new high of $7.35 million in 2017, up from the $5.40 million recorded in 2013, and up 5% when compared to 2016.

According to the study, the average cost for each lost or stolen record containing sensitive information increased to $225 from $221. That’s a 2% increase in cost per record. Hackers obviously go after higher-value data like health records, which may be worth as much as $50 on the black market for a complete record. A credit card or social security number, meanwhile, can sell for as little as $1.

What makes the stolen data valuable? The potential to social engineer the person whose information was sniffed during the breach.

Certain industries are more prone to hacking, too: financial, life science, health, technology and service organizations all experience a relatively higher rate of data breaches compared to the public sector or entertainment organizations.

This means that in the health industry, for example, the cost of a breach can reach as high as $380, with the financial sector coming in at $336. Compare this to the public sector, where the cost of a data breach is only $110, according to the Ponemon study.

The average cost of a data breach includes direct and indirect expenses that the organization incurs as a result. Some examples of these are:

Direct expenses

  • Forensic experts
  • Outsourcing hotline support
  • ‘Apology’ services, such as free credit monitoring subscriptions and discounts

Indirect costs

  • In-house investigations
  • Communications
  • Extrapolated value of customer loss

What can small businesses do to protect themselves?

Don’t fall into the trap of thinking that the data your business collects is not valuable: a business’s treasure trove is the data that employees collect. Small business owners need to understand the exact value of the data that they have and what would be of value to hackers if a breach did occur, as well as ensuring they protect the high-value personal data of their employees. As a first step, SMB owners should be aware of where this data is stored and start personalizing security programs and access levels with the protection of this unique and valuable information in mind.

How can business owners reduce breach costs?

This is where the Ponemon study is helpful once again since it identifies a pattern for the surveyed U.S.-based small businesses: 52% of incidents involved a malicious or criminal attack, 24% were down to negligent employees and another 24% were due to system glitches that included both IT and business process failures.

Also, this security risk increases if employee password management is not controlled. Just think about the weak passwords that most people create – thanks to the pattern called transformations – and the unfortunate habit of re-using that same password for numerous different accounts.

In order to address these issues and lower the security risk, there are just a few simple things to keep in mind: have a good password policy, educate employees on the latest cyber security threats, and monitor the network and data assets for vulnerabilities.
