According to a joint Duo Security and Ponemon Institute study, the average cost of a data breach in the U.S. has grown each year since 2012. In 2014, the annual average cost of a breach was $12.7 million, a year-over-year growth of nearly 9.5 percent. The cost of a data breach ranged anywhere from $1.6 million to $61 million during this time frame.


A separate IBM study found the average cost paid for each piece of sensitive information or record stolen also increased 9 percent year over year, as organizations paid $145 per stolen record in 2014. IBM's data highlights the severity of the situation for any consumer-facing business: It's time to get serious about bolstering payment security.


Small to midsized businesses must improve payment technology


Though the most recent high-profile data breaches have impacted enterprise-sized organizations, it's not safe to say small and midsized merchants are impervious to being hacked. Duo Security data revealed the per capita cost of a data breach for small businesses was more than $1,500, a stark contrast to the $517 it cost larger companies. Not only are smaller businesses less liquid, but it also takes them more time and resources to recover their losses. Business expenses such as labor, productivity loss, overhead and software upgrades add up quickly for a local merchant.


It takes an average of 45 days to fully recover from a breach, with each day costing nearly $35,500 for larger organizations. That, coupled with the lost revenue from potentially closing shop, can dramatically impact a business's bottom line. While it's challenging to completely prevent a data breach, small businesses can proactively reduce the impact of a cyberattack and protect themselves from serious financial harm by updating network security and improving overall technological infrastructure.


Updated payment technology can dramatically improve network security and general business oversight. According to IBM's research, the following factors decreased the cost per record of a data breach in 2014:


  • Strong network security decreased the cost of a stolen record by $14.14
  • Incident response plans lowered the cost per compromised record by $12.77
  • CISO appointments decreased the cost per record by $6.59


IBM also found that involving business continuity management in a recovery effort was a factor in reducing costs. In fact, businesses that developed a reformative plan of action were found to have lowered the average cost per stolen record by nearly $9. While it's difficult to predict whether or not a given business will be breached, companies with a firm response plan and up-to-date network security can mitigate a potential threat and reduce the likelihood of significant damage before it ever occurs.


Certain industries are more at risk


No specific business or vertical is impenetrable when it comes to a potential data breach. Duo Security research did find, however, that certain industries may be more susceptible to a possible cyberattack because of the severity of the information at stake. For example, the energy and utilities, defense and financial services industries all incurred costs of more than $20 million. On the other hand, consumer products, health care and hospitality experienced breach costs of less than $7 million each.


Partnering with the right payment processor, bolstering a network security system and developing business continuity remediation can all help a company mitigate potential fraud. Merchants in certain industries may incur higher costs than others, but it's critical for all businesses today to protect against a potential cyberattack, regardless of the potential damage they face.