Data breaches in 2014 made major headlines as large organizations such as Sony, Neiman Marcus and The Home Depot were compromised. 2015 has proven to be no different with BlueCross, Anthem and Ashley Madison joining the crowd. The biggest issue; however, is that the headlines only show the big fish, ones who can likely recover. What goes unnoticed are the other 1,400+ organizations who have been compromised in the past two years. This has led many C-Level executives of small and medium business to believe they are not an enticing target, likely proving to be a critical mistake.

If SMB’s weren’t paying attention to the monetary impact of a data breach before, the new results of recent studies are sure to raise eyebrows. Many organizations continue to store and process more sensitive data each year without carving out a budget for their risk management plan. Executives in the past have either tried to justify this decision through simple quantitative analysis or chosen to simply ignore the risk of impact.

Based on a worldwide survey conducted in cooperation with B2B International, the average budget required for small and medium businesses to recover from a data breach is $38,000. Some of the factors taken into account are downtime, professional services and damage to a company’s reputation. In fact, data breaches for many small businesses have proven to be the back breaker, as many never recover at all.

It’s not typically as simple as bolting on a shiny new firewall appliance. Risks resulting in data breaches are frequently deeply rooted within the organization, often times being the employees themselves. Layers and layers of perimeter defense can be rendered useless at the drop of a hat as a result of poor risk governance.

SMB’s need to recognize the risk they continue to put themselves at by not addressing the threats and vulnerabilities within their environments. Information security is an ongoing process and always will be. Risk to the organizations assets is what needs to be addressed and the best way to do so is to first measure it. A holistic assessment of the environment should always be a driver for the security strategy and with the cost of data breaches on the rise, organizations can no longer afford to be reactive in approach.

BACK TO BLOGS