What type of data costs the most in a breach?

Data breaches are on the rise, and the costs of these cyberattacks are rising, and significantly.

It's an interesting (and scary) situation because companies know that data is important to their business. Businesses continue to capture and store vast amounts of valuable data, including customer information and staff data.

The most debilitating effect of a data breach is on the company's reputation and bottom line. But other factors are equally important. The impact may mostly depend on the value your data holds.

Businesses today collect and store different types of data. Understanding the factors that drive data value is crucial because it helps to know what type of data will cost you more during a breach. 

In some instances, value is determined by the nature of your data—customer data, trade secrets, policy documents, business plans, product designs, and more. 

In other cases, what drives data value could be the nature of your business. For example, if you are Facebook, you will use your data to improve the platform and help companies create targeted advertising. 

But if you are a hospital, you may store sensitive patient data and are responsible for its privacy and security (to ensure regulatory compliance).

A dataset can be valuable to one and mean absolutely nothing to another. Someone taking a survey will do it for fun, but the people conducting it value it. If you want the content of a newsletter, they want your email address. 

The data holder or owner determines its value. Sometimes a third party could dictate that. You may not deem a piece of data from a customer important. But your state government can require you to protect that information. 

The (global) average cost of a security event, such as a data breach in 2022, is $4.35 million. That’s a 13% increase in two years. 

Big businesses usually withstand the storm, pay fines for damages, and reach settlements even if there are millions of data involved. At the same time, small companies with relatively low-impact breaches are more likely to face a sharper sword. Therefore, the scope and infrastructure of your business play a huge part in whether you can take the punch.

To understand the weight of the information you hold, let’s look at three situations:

• You know what type of data you have and where you store them
• You know what kind of data you own but not where you store them
• You don’t know the data types you're storing, and you have no idea where it is 

This is where data identification and classification help you determine the cost of a possible breach. Here are some of the benefits:

• Allows you to build or adapt your infrastructure and architecture to fit legal requirements.
• Easier to follow specific encryption standards, access control, and group policies.
• You can plan your response expertise to attacks and mitigate damages. This includes backup and restoration systems.
• Better forecasting ability: You know the value, type, and storage location of the data, so you can approximate your cost per X amount of data lost.

A data breach can cost a business in currency and more. Understanding the value of the data you store and their hidden costs is the first step to preventing and preparing for the worst.