How the consequences of a data breach threaten small businesses


July 10, 2019

News stories about data breaches are sometimes difficult to avoid and even more difficult to digest. Data is increasingly valuable to businesses—especially data related to customers and payments.

Criminals find that data valuable, too. Data that businesses rely on to serve their customers better is also the target of criminals to use fraudulently. That puts an uncomfortable target on the back of any business that accepts credit and debit card payments.

The Ponemon Institute’s 2018 Cost of a Data Breach Study found that the average cost of a data breach globally was $3.86 million, a 6.4% increase over 2017. Even the smallest data breach can have big impact: the report found that the average cost per lost and stolen record in 2018 was $148.

Small business owners need to grasp the consequences of a data breach to properly assess risk. Small businesses often mistakenly believe that they’re too small to be a target and don’t prepare. That lack of preparation creates vulnerabilities for criminals to exploit.

Running a small business requires the ability to understand, anticipate and guard against risk. Understanding risk requires a clear-eyed view of the consequences of a data breach. This short overview offers straight talk on the short-term and long-term consequences of a data breach for small businesses.

The short-term consequences: Fines, fees and frustration

If your business accepts credit and debit cards you’re likely familiar with the chargeback process. In addition to processing legitimate customer issues, the chargeback process is also where the costs of fraud are strikingly clear.

The immediate consequences of a data breach are less well known, but can be every bit as damaging to your bottom line. A host of direct financial consequences often fall directly on businesses in the wake of a data breach:

  1. Direct fines and fees. The Payment Card Industry Security Standards Council may impose fines and penalties as a result of a data breach. Additional fines will vary depending but may come from both regulatory agencies and card network brands.
  2. Forensic investigations. One of the consequences of a data breach is that the business that was attacked will be responsible for performing a forensic investigation in order to determine the causes of the data breach. These investigations often yield valuable evidence and insights that help prevent future data breaches. In the short term, however, these investigations can be costly.
  3. Future security costs. Businesses that are the victim of a data breach may incur costs related to mandatory credit monitoring for customers whose data was compromised. Those remediation efforts may also include the costs of card replacement, identity theft repair and additional compliance requirements from the Payment Card Industry.

The long-term consequences: Loss of trust and diminished reputation

Perhaps the biggest long-term consequence of a data breach is the loss of customer trust.

Your customers share their sensitive information with businesses like yours assuming that you’ll have the proper security measures in place to protect their data. A 2017 PwC study examined consumer sentiment around cybersecurity and privacy risk reported that 92% of consumers agree that companies must be proactive about data protection.

A good reputation is often a company’s most prized asset as a business must work constantly to build and maintain the integrity of its brand. However, one compromising episode like a data breach can tarnish even the best of reputations. The PwC report found that 85% of consumers won’t shop at a business if they have concerns about their security practices.

However, businesses can and do recover from the consequences of a data breach. Yet the loss of trust and diminished reputations that data breaches cause can be measured directly on your bottom line. A 2019 Verizon study suggests that data security and privacy are essential to maintain customers. 69% of survey respondents would avoid a company that had suffered a data breach. 29% of those surveyed would never visit that business again.

Understanding the consequences of a data breach is an important first step on the road to safeguarding your business. The next step is creating an action plan so you can protect what you’ve worked so hard to earn.

Worldpay is a payment technology leader that can help protect your business with secure transactions that minimize fraud and reduce risk. Connect with one of our payment security experts today to learn how Worldpay can help your business reduce the risks of a data breach.