SMBs that publicly disclose a data breach are likely to suffer 40% less financial damage: Survey
A new Kaspersky survey aims to highlight a correlation between the way a data breach is revealed and the total financial losses an organisation suffers following the incident.
Will public disclosure of a data breach have severe financial implications for a business? The answer is no, if a new survey from global security firm Kaspersky is to be believed.
Kaspersky's new survey, 'How businesses can minimize the cost of a data breach', suggests that SMBs that voluntarily inform their stakeholders and the public about a data breach are, on average, likely to suffer 40% less financial damage than peers whose breach was reported by the media. The trend is the same for enterprises, according to the survey.
The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) is based on responses from a total of 5,266 IT business decision-makers across 31 countries in June 2020.
According to the survey, costs for SMBs that disclose a breach are estimated at $93,000. Peers that had an incident leaked to the media suffered $155,000 in damage. Enterprises that voluntarily informed the public about a data breach suffered 28% less financial damage than those whose incidents were leaked to the media.
The survey further points out that less than half (46%) of businesses reveal a data breach proactively. About 30% of firms chose not to reveal the incident. Almost a quarter (24%) of companies tried to hide the data breach, but it was eventually leaked to the media.
“The survey further proved that risks are especially high for those companies that couldn't immediately detect an attack. 29% of SMBs that took more than a week to identify that they had been breached found the news in the press, which is double those that detected it almost immediately (15%). For enterprises, these figures are similar at 32% and 19% respectively,” Kaspersky said.
It is worth noting that many firms do try to hide a data breach rather than inform the public about it in a timely manner. In its release, Kaspersky highlighted the case of Yahoo, which was fined for not informing its investors about a data breach. Uber has also faced a fine for trying to hide a data breach incident.