The hidden costs of failing to protect your data
Why not taking action now could be more costly than you think...
Let's face it, data protection costs money. Whatever kind of system or systems you put in place, whatever expertise you bring in, whether it's a big investment or a smaller one, there's expenditure involved.
In straitened economic times, it's easy to baulk at the idea of adding another cost to your overheads, particularly if you are a small or medium-sized business (SMB), but also if you're a larger enterprise.
But there's more than one kind of cost, particularly when it comes to data protection. And, interestingly, the cost of investing in new solutions may actually be less than it first appears.
A growing trend
According to analyst firm Gartner, global spend on information security products and services will reach $81.6 billion by the end of 2016 - an increase of nearly 8% on 2015. The majority of this spend will be on data loss prevention, as well as IT outsourcing and security testing, with this remaining the case until at least 2020.
That doesn't mean security solutions are necessarily becoming more expensive, though. Instead, organisations, whatever their size, are increasingly waking up to the reality that facing a data breach of some kind is almost inevitable.
The UK government's Cyber Security Breaches Survey 2016 (released in May) found 24% of all businesses had detected one or more cyber breaches in the past 12 months. Almost two-thirds (65%) of large businesses had faced at least one cyber security breach or attack in the past year, with 25% of these saying they experienced a breach at least once per month. Medium-sized businesses were not that far behind, though, with 51% detecting one or more breaches over the same period. One third of small firms and 17% of micro firms also reported they had encountered such an issue.
There's also the additional challenge of hybrid IT, which 91% of organisations already use, according to a survey by SolarWinds. This means there's not just data stored in on-premise infrastructure to look after, but also some (whether it's a little or a lot) stored in the cloud. This dual-landscape scenario can, without the right tools, be much harder to manage, as there's no single view of all the data a business holds.
With this in mind, the need to invest in appropriate data protection measures and tools is clearly more pressing than ever.
Measurable and immeasurable cost
When it comes to counting the cost of data protection, there are certain hard figures that are easy to measure. For example, under the Data Protection Act any organisation processing personal data (e.g. individual customer payment details or payroll) must register with the Information Commissioner's Office, a process that in the majority of cases costs £35, although it may be more under certain circumstances.
This registration fee is likely to continue under the European General Data Protection Regulation (GDPR), which comes into force in 2018, irrespective of Brexit, and replaces the DPA.
Registration fees aside, GDPR lays out some very hard figures for the cost of a data breach. In the most serious cases, organisations face fines of up to 4% of global revenue or €20 million, whichever is greater. While this will be a substantial amount for large multinationals, the proportional impact could be even higher for SMBs. Indeed, the fact that these organisations operate on such tight margins means even a fine of less than 4% could put them out of business.
There are also the intangible costs of lost revenue through downtime, staff being kept from carrying out business tasks while a breach is resolved, and lost business due to reputational damage.
How is it possible to square this scenario with the inevitability of a breach, then? Well, there's a reason the 4% fine applies only to cases where there's been a blatant and reckless disregard for security. If a business can show it took every possible precaution and all steps to resolve the issue as quickly as possible, then the penalty will be much smaller or, indeed, there may be no penalty at all. This, in turn, can reassure customers that the business they're dealing with is a safe pair of hands even if (or when) it does suffer a breach.
So while it can be difficult to estimate the capital cost of investing in data protection systems, as it will vary from business to business, the cost of failing to do so will inevitably be higher when your data breach finally comes knocking on your door.
This is an independent article written by IT Pro, sponsored by SolarWinds MSP to celebrate thought leadership in IT.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.