The Costs and Consequences of a Data Breach

July 28, 2022

When someone breaks through security measures to illegally access data, it’s called a data breach. If the breach results in data being lost, the costs and consequences for the companies that hold the data and the individuals whose data is stolen can be significant. Fifty-eight percent of data breaches involve personally identifiable information (PII), such as names, birthdates, financial information, and social security and driver’s license numbers. In 2020, the average cost of a data breach was close to $4 million. Most of those costs are the result of privacy regulations that companies need to follow when their negligence leads to a data breach — not just fines, but also rules about how breaches are communicated to the persons affected. 

Although a number of regulations determine how companies should respond to data breaches, many large companies comply with the General Data Protection Regulation (GDPR) because it is the most restrictive. It requires that users whose data has been breached be informed within 72 hours of the breach’s discovery. Companies that fail to do so may be subject to fines of up to 4 percent of the company’s annual revenues, depending on whether a good-faith effort has been made to implement proper security controls.
