In figures: The cost of getting privacy wrong

Business costs are rising, recruitment is proving a challenge, and cost of living pressures are making consumers less willing to spend. It’s understandable that leaders across industries are carefully scrutinising their outgoings. 

But with the prospect of hefty fines from the regulator, data breaches at an all time high, and loss of reputation with customers, staff and investors, investment in privacy compliance isn’t something that should be cut lightly. 

Ransomware attacks alone have surged in recent years – the Verizon Data Breach Investigations Report, for example saw a rise of 13% in 2022, equal to the past five years combined. A UK logistics company has even gone into administration blaming a major ransomware attack in June for damaging its ability to secure investment.

Considering that 88% of all data breaches are caused by human error, the right privacy compliance programme can dramatically reduce your chances of having a problem. 

But don’t just take our word for it. Here are 10 other figures to highlight the importance of investing in privacy: 

£17.5 million

The UK regulator, the Information Commissioner’s Office (ICO), has the power to issue fines of up to £17.5 million or 4% of a company’s annual worldwide turnover (whichever is higher) for serious data protection breaches. So far the biggest fine issued by the ICO is £20 million to British Airways. Meta is the recipient of the largest ever GDPR fine to date of €1.2 billion from the Irish data protection authority.

$7,500

Doing business in California? Every time a business is found to have an intentional violation of the CCPA they can be fined up to $7,500. Even unintentional violations come with a $2,500 fine. That may seem quite reasonable compared to the ICO but those penalties apply per person affected and quickly stack up. Plus California residents have the right to sue in the event of a data breach caused by failure to maintain reasonable security, receiving up to $750 or an amount representing the actual damage suffered (whichever is greater)  from the court. 

$4.35 million

According to IBM, the global average cost of a data breach reached $4.35m in 2022. That includes expenses such as ransom payments, lost revenues, business downtime and legal fees. Almost two thirds (60%) of organisations that have experienced data breaches have gone on to raise their prices because of such costs. 

£125

IBM’s number crunching found that customers’ personal information was the most frequently compromised type of record and the costliest – it cost on average £125 ($150) per record. When you consider that more than 79 million records were compromised across 73 security incidents in August 2023 alone, that’s a considerable amount of money. The good news is that as both email and phishing scams rely on human error, the odds of their success can be reduced with good privacy training. 

7.5% decline in stock value

Publicly traded companies suffered an average decline of 7.5% in their stock values after a data breach. It took 46 days on average for that price to recover to pre-breach levels. But many were unable to reach that same price again.

33% lose customers

Data breaches severely damage consumer faith in a business. A third (33%) of organisations say they’ve lost customers after a breach. When asked directly, four in 10 consumers say they’ll never return to a business after a security issue.