In figures: The cost of getting privacy wrong

Budgets are tight at the moment but the cost of getting privacy wrong is greater than you might think

By Emma Sheppard


October 2023

Business costs are rising, recruitment is proving a challenge, and cost of living pressures are making consumers less willing to spend. It’s understandable that leaders across industries are carefully scrutinising their outgoings. 

But with the prospect of hefty fines from the regulator, data breaches at an all-time high, and loss of reputation with customers, staff and investors, investment in privacy compliance isn’t something that should be cut lightly.

Ransomware attacks alone have surged in recent years – the Verizon Data Breach Investigations Report, for example, saw a rise of 13% in 2022, equal to the past five years combined. A UK logistics company has even gone into administration, blaming a major ransomware attack in June for damaging its ability to secure investment.

Considering that 88% of all data breaches are caused by human error, the right privacy compliance programme can dramatically reduce your chances of having a problem. 

But don’t just take our word for it. Here are 10 other figures to highlight the importance of investing in privacy: 

£17.5 million

The UK regulator, the Information Commissioner’s Office (ICO), has the power to issue fines of up to £17.5 million or 4% of a company’s annual worldwide turnover (whichever is higher) for serious data protection breaches. So far the biggest fine issued by the ICO is £20 million to British Airways. Meta is the recipient of the largest ever GDPR fine to date of €1.2 billion from the Irish data protection authority.


Doing business in California? Every time a business is found to have an intentional violation of the CCPA they can be fined up to $7,500. Even unintentional violations come with a $2,500 fine. That may seem quite reasonable compared to the ICO, but those penalties apply per person affected and quickly stack up. Plus, California residents have the right to sue in the event of a data breach caused by failure to maintain reasonable security, receiving up to $750 or an amount representing the actual damage suffered (whichever is greater) from the court.

$4.35 million

According to IBM, the global average cost of a data breach reached $4.35m in 2022. That includes expenses such as ransom payments, lost revenues, business downtime and legal fees. Almost two thirds (60%) of organisations that have experienced data breaches have gone on to raise their prices because of such costs. 


IBM’s number crunching found that customers’ personal information was the most frequently compromised type of record and the costliest – it cost on average £125 ($150) per record. When you consider that more than 79 million records were compromised across 73 security incidents in August 2023 alone, that’s a considerable amount of money. The good news is that as both email and phishing scams rely on human error, the odds of their success can be reduced with good privacy training. 

7.5% decline in stock value

Publicly traded companies suffered an average decline of 7.5% in their stock values after a data breach. It took 46 days on average for that price to recover to pre-breach levels. But many were unable to reach that same price again.

33% lose customers

Data breaches severely damage consumer faith in a business. A third (33%) of organisations say they’ve lost customers after a breach. When asked directly, four in 10 consumers say they’ll never return to a business after a security issue.

71% of customers spend less

It’s incredibly important for brands to protect the trust they have with their consumers. Once lost, it’s not easy to rebuild. An analysis by PwC found customers are willing to pay more to buy products or services from the companies they trust. Losing trust is costlier – 71% say they’ll buy less from a business that has lost their trust. 

75% of employees say they’re likely to leave

Trust is also important for employees, particularly those of a younger generation. PwC’s research found 71% of employees are more likely to leave the company if there was a breach of trust, rising to 75% among younger employees. Privacy is one of the values that workers want their employers to prioritise, along with sustainability and mental wellbeing.

66% more likely to be breached again

Global research across a wide range of industries found two thirds of companies hit by cybercrime over a 12-month period have been hit more than once. One in 10 have experienced 10 or more attacks a year. Malware and ransomware were the main forms of cyber attacks, both of which may be avoided with the right privacy culture in place.  


When the headlines are often full of multi-million pound fines from the European regulators to global tech companies such as Google, Meta and TikTok, it can be hard to relate. But in September 2023, professional services firm RHAP Ltd was fined £65,000 for making marketing calls without consent, in breach of privacy law.
