Do you understand the real cost of data loss?
Data loss is one of the most common causes of business disruption today—and one of the most costly. When critical files get wiped out, operations suffer and downtime ensues.
Even the loss of a single critical file can create costly challenges for a business. And in the case of a large-scale data-loss event, like a ransomware attack, the recovery costs can sometimes be insurmountable for smaller companies.
1 in 5 small businesses shut down when attacked by ransomware—some of them permanently.
In this post, we examine the actual costs of data loss (and the downtime that results) to underscore the importance of having a robust business continuity solution in place.
How much does data loss cost?
Calculating the average cost of data loss can be challenging, because it can vary widely depending on the size of the business and how valuable the data is. However, there is no disagreement that a typical data-loss event can be tremendously expensive.
Here are some telling figures:
- A 2018 study by Ponemon Institute found that the global average cost of data loss was a staggering $3.6 million, or approximately $141 per data record. However, that research mostly focused on the costs of data breaches, such as theft of personal user data, login information and credit card numbers.
- A leading BC/DR provider estimated that data loss costs U.S. businesses an average of $7,900 per minute during a datacenter outage.
- A recent report by Verizon found that “small” instances of data loss (around 100 lost or compromised records) cost businesses an average of $18,120 to $35,730.
- The same study found that large-scale data loss (100+ million records) costs an average of $5 million to $15.6 million.
The cost of downtime
Another reason why calculating data loss can be tricky is that the end cost ultimately depends on the consequences of the loss, not the missing files alone. When data is lost, it can cripple your operations, and that’s where the costs really add up.
For that reason, it’s typically more helpful to think of the cost of data loss in terms of the cost of the downtime that follows. Downtime is defined as the length of time that operations are interrupted (or altogether halted) by data loss.
- On average, downtime from data-loss events like ransomware costs small companies more than $8,500 per hour, according to 2016 figures from Aberdeen Group.
- Depending on the company’s size, Datto estimates that the costs of downtime can vary from $10,000 per hour to more than $5 million per hour.
Downtime caused specifically by ransomware has been surging over the past year. Datto found that the costs of these incidents has nearly tripled, from $48,800 in 2018 to $141,000 in 2019.
Why the wide ranges?
Every business is unique. A data-loss event for one business can be exorbitantly more expensive than for a similarly sized business right across the street. It all depends on how that data is used (and how it’s protected).
Factors that can influence the cost of data loss:
- Size of the company
- Amount of data lost
- Value of the lost data and/or its impact on operations
- Recoverability of the data
- Length of outage / speed of recovery
Larger businesses naturally have much larger datasets, which can increase the costs of a disaster. On the other hand, larger companies also tend to have greater financial resources for recovering from such an event, whereas smaller companies face a greater risk of failure.
Examining the costs of data loss
So, why does data loss cost so much?
We’ve established that disasters like ransomware attacks can be extremely expensive for a business, particularly when they lead to downtime. But what exactly factors into that downtime to make it so costly?
Without even taking into account the “add-on” expenses of things like emergency IT teams and hardware replacements, there are numerous ways that costs can skyrocket from the moment the disaster occurs.
Idle employees and lost wages
When business stops, employees are idled. This means they’re left with nothing to do, even though they’re still on the payroll.
Consider a ransomware attack that locks up all your computers, servers and email systems. Employees can’t do their jobs (or basically anything productive). And, if they’re salaried workers, they’ll continue to be paid, even if you send them home.
Even if they are hourly workers, and you decide to send everyone home – how much money is lost before that decision is made? Every hour of downtime, multiplied by the number of idled employees, can add up to a significant amount of lost wages.
Another immediate cost of data loss is interruption to revenue streams.
For example, if the business suddenly cannot take orders or process transactions after a server outage, the loss of revenue is immediate. If an online retailer’s website goes down, orders stop instantly. If ransomware encrypts all product data and customer records, sales teams can’t make their sales.
Revenue is stopped, and yet money is still going out in the form of wages and other expenses. That’s where the situation can become dangerous for smaller companies, which can only sustain such a disruption for so long before running out of funds.
Mechanical breakdowns aren’t the only threat to your production lines. When the applications or IT systems that power those processes go down, the end result is the same: an immediate stoppage. And with each minute that those systems remain offline, the business loses more money.
- In the auto industry, production downtime costs an average of $22,000 per minute, according to a survey of industry executives.
- On average, a manufacturer experiences 800 hours of production downtime a year, due to a wide range of factors, including data loss.
- For large industrial manufacturers, the costs of downtime can range from $10,000 to $250,000 per hour.
In 2017, the NotPetya ransomware attack halted production for pharmaceutical giant Merck. The company revealed in regulatory filings later that year that the attack had caused $870 million in damage. But by December 2019, after several lawsuits against its insurers, Merck ultimately claimed $1.3 billion in losses from the event.
We’ve mentioned how data loss can idle your employees, causing wasted wages. But what about smaller data-loss events, such as a single application going down or a single accidentally deleted spreadsheet?
These events might not cause the same widespread losses as a major downtime event, but they can still be very costly. A single lost file, for example, can lead to an employee wasting hours searching for it and seeking support from IT. That alone is a sizable productivity loss, and it doesn’t even take into account the other processes that are likely being disrupted if the file was critical to operations.
Industries like healthcare and financial services are particularly hard-pressed to protect their data from being compromised. If they’re found to have fallen out of compliance with stringent regulations such as HIPAA, they can be slapped with big fines.
HIPAA sets guidelines for protecting sensitive patient data, including rules for how the data is stored. Penalties for violating those rules can range from $100 to $50,000 per record, depending on the level of negligence.
Data loss resulting from the theft of an unprotected medical device or computer is just one example of a potential HIPAA violation.
Damaged reputation and credibility
Service disruption, no matter what the cause, irritates customers and can damage the business’s reputation for weeks or years.
The cost of “reputational” damage is hard to define, but it affects businesses in every industry. And in the age of social media, a single negative experience can quickly enflame into a crisis.
Customers and clients don’t care if ransomware has eaten your servers or if your hard drive has gone bad. They just want the same, dependable service they’re used to, and if the business can’t deliver on that promise, things can go south in a hurry. Additionally, events like ransomware attacks can create the perception that the business is lax about security and customers may begin to feel unsure about providing personal information or payment info.
When a disappointed customer decides to take their money to another business, they may never return.
How often does data loss happen?
A report by IT Policy Compliance Group found that one fifth of organizations experience 22 or more data-loss events a year in which sensitive data is stolen, lost, leaked or destroyed.
Human error is typically the #1 culprit, as data is often accidentally deleted or compromised by user action. Other common causes of data loss include:
- Hardware failure
- Software errors, bugs or crashes
- Operating system failure
- Ransomware, viruses, other malware or cyberattacks
- Physical damage from on-site events, such as fire or natural disaster
How to prevent it
Businesses can significantly mitigate the impact and cost of data loss with a data backup solution.
While no business can completely eliminate the risk of data loss, a good backup solution will ensure that lost data can be quickly restored. Today’s business continuity solutions can back up a business’s entire infrastructure every few minutes and enable near-instant recovery options, on-site or via cloud backups.
For small businesses especially, a dependable data backup system can prevent a data-loss event from becoming a costly, insurmountable disaster.
Avoid the costs of data loss with better backup
Get more information on how your business can prevent data loss with a stronger backup and disaster recovery solution. Request a free demo today, or contact us at (646) 395-1170 or success@invenioIT.com.