Each year, Verizon publishes a new Data Breach Investigations Report which reveals the latest security trends. In 2018, the report uncovered this shocking statistic:
58% of those who reported a data and security breach in the past year were small businesses.
If your website were to end up as one of the ones affected, could your business afford the cost of a security breach?
How Much Will a Security Breach Cost Your Business?
If you don’t proactively secure your site, the damage of a security breach will be costly (we’re talking thousands of dollars, at least). That’s because it’s not just a matter of money. It’s a matter of time, productivity, and confidence you’re apt to lose, too.
To give you a clearer idea of why the cost of a security breach is so high, here is a breakdown of what happens in the wake of one:
Cost #1: Undetected Infection
If your website has been hacked, that means it is a threat to your business as well as to anyone who dares visit it. And if the type of threat is less than apparent — like a malicious link planted in a comment or a fake (phishing) page embedded on your site — lots of people will be put in harm’s way.
Unless your website accepts credit card information or processes sensitive customer data, it can be hard to know when your site is under attack. That is, if you don’t have a monitoring system in place.
The last thing you want is to rely on website visitors or customers to serve as the alarm system. It’ll lead to a break in their trust, which will mean big losses for your business.
Cost #2: Cleanup and Recovery
Cleaning up a hacked website is no easy matter. You have to:
- Figure out where the hacker got inside your site and fix the vulnerability.
- Scan your website, database, and server to identify the type of breach and repair the damage done.
- Review any interactions you, your team, or visitors may have had with the breach (even if it was just clicking on a link).
- Perform a security scan and cleanup any potentially affected devices.
That’s why many small businesses end up having to hire a third party to step in and clean up a breach and get their site back to safety. Unless you know your website inside and out and have the technical skills to repair a breach, you need to factor in the cost to outsource the work.
Cost #3: Security Software
After a breach, your developer/cleanup pro is going to want to implement a security scanner, firewall, SSL certificate, anti-malware and spam software, as well as other security measures. Let them do this if you don’t already have essential security software in place.
You’ll have to pay for both the time to implement as well as the software, but putting this in place now decreases the likelihood (and costs) of another security breach.
Cost #4: Downtime
Even if a hacker doesn’t take your website down, if the damage is severe enough, your developer will have to take the site offline while it gets repaired.
How many visitors, leads, or customers does your site get in a day? And what does that mean in terms of lost opportunities if your site is offline for 60 minutes? How about 24 hours?
Cost #5: Missing Backup
Another thing that drives up the cost of a security breach is the status of your website backups. If you don’t have any backups stored, or the most recent copy was saved too far in the past, the cleanup and recovery of your website will take even longer.
With a reliable backup system, your developer can instantly roll your site back to a safe version. That way, there’s little to no downtime. It also prevents the developer from having to wipe the slate clean and rebuild the infected pages or, worse, your entire website from scratch.
Cost #6: Penalties
Because there are different types of security breaches on the web, different parts of your site, business, and audience may be affected. Depending on the severity of the damage, you could be held liable for it.
If other websites on your shared hosting server become infected, your web hosting company has the right to kick your site off of their server. Without a server, your website will have to go offline until you find a new web hosting company to work with.
If your website carries a nasty enough infection or it takes the form of SEO spam, Google could very well blacklist your website from search. And it doesn’t stop there. Google will share that data with web browsers, antivirus software, and other search engines to ensure your site is blocked everywhere, resulting in losses of up to 95% of your traffic.
If your website accepts any sort of confidential, financial, or otherwise sensitive information, and any records are compromised, expect to pay a few hundred dollars for each one to compensate the victims of the breach.
Cost #7: Your Business
Think about what a security breach and all the associated work and costs is going to do to you in the long run. Forget about lost productivity, focus, and sleep — those are a given. What about the harm done to your business’s reputation for letting something like this happen in the first place?
Salesforce’s State of the Connected Customer report in 2018 demonstrates how one visitor shaken up by their encounter with a hacked site or disappointed by no website at all can easily spread word to others:
If over 60% of visitors or lost leads spread the news to even just a few others, what does that mean for your business?
The Bottom Line: You Must Protect Your Website
Look around you — at your competition, your community, heck, even the other small businesses operating next door. Based on Verizon’s report, 3 out of every 5 small businesses you know could realistically suffer a security breach this year.
For a long time, small businesses felt sheltered from this type of threat. “We’re too small to get noticed” is no longer a viable excuse.
Hackers don’t just go after dollar signs. Many of them simply want to wreak havoc around the web, and will eagerly step inside any website with a weak point of entry to do so.
Your website is a valuable piece of your business. Hackers see it that way, too — just not in the way you envisioned when you created it.