In 2013, reported data breaches reached an all-time high—at least 740 million records were compromised. Press Release, Online Trust Alliance (OTA), Online Trust Alliance Finds Data Breaches Spiked to Record Level in 2013; 89 Percent Could Have Been Prevented (Jan. 22, 2014). Businesses understandably are concerned because these breaches can be enormously costly. In 2012, for example, the average total organizational cost of a data breach to a U.S. company was over $5.4 million. Ponemon Inst., 2013 Cost of Data Breach Study: Global Analysis 5 (May 2013). Recent events illustrate that for large companies experiencing a major data breach, the loss may be much greater. According to the OTA, 40 percent of the largest data breaches to date occurred in 2013. OTA, 2014 Data Protection & Breach Readiness Guide 4 (Jan. 22, 2014). The recent data breach at Target Corp. offers a stark example: Some analysts estimate that Target’s breach may end up costing the company close to $1 billion.Smaller firms fare no better against breaches and have less ability to absorb losses. The cyber-security forecast for U.S. businesses is dark.
While no amount of planning or employee training can eliminate entirely the risk of a data breach, there are six steps businesses can take prior to a breach occurring that may lower the risk of loss significantly.