Skip navigation
What Is the Real Cost of a Breach?
Video

What Is the Real Cost of a Breach?

WSJ’s David Breg and Rob Sloan discuss how understanding the costs of a breach can help companies organize defenses and prioritize investments.

WSJ Video, 2020


Editorial Rating

8

Qualities

  • Scientific
  • Concrete Examples
  • Insider's Take

Recommendation

Data breaches are increasingly common, in all types and sizes of businesses. Attacks may prove inevitable over time, but expert research and preparation can result in less damage to bank accounts and company reputations. This Wall Street Journal video report cites the Ponemon [Institute]’s research regarding data protection and system security, along with information from other organizations that deeply evaluate breach costs.

Summary

A data breach creates both direct and indirect costs.

Preparing for and preventing breaches involves charging key stakeholders and management personnel with designing effective defenses. Determining intangible breach costs presents a challenge. Other, more direct costs are easily calculated. Few studies to date have outlined detailed breach costs because each scenario has many components.

Reacting before a data breach escalates could mitigate damage, but many are not detected for at least 200 days, allowing attackers a solid head start. Businesses often hire third parties like forensics and assessment specialists to guide them through the process. While larger companies often employ specialists experienced in cyberattacks, most benefit from bringing in public relations experts to handle communications with stakeholders, management, board members and data-compromised customers during a crisis. Government regulators and investigators will need to get involved in the response plan. Companies can calculate the cost of such services and allow for costs covered by insurance.

Longer-term costs include lost revenue...

About the Speaker

David Breg is senior research manager at Wall Street Journal Pro, where Rob Sloan is research director.


Comment on this summary