Businesses that proactively disclose data breaches tend to lose less money from the event, compared to those that try to keep the incident a secret.
This is according to a new report from cybersecurity experts Kaspersky, which polled more than 5,200 IT and cybersecurity practitioners. Kaspersky found that SMBs, but enterprises as well, that voluntarily inform their stakeholders about an incident, are likely to lose 40 percent less than their peers who'd rather keep such things to themselves.
The report argues that organizations that take ownership of the situation usually mitigate the damage. It’s not clear if the costs are lower because they disclose the event, or if they’d be lower anyway because businesses that disclose it are usually more responsible.
Whatever the reason, SMBs that disclose a breach usually lose around $93,000, while those that don’t can expect to range around $155,000. Among enterprises, those that are upfront about it can expect to lose $1.134m, compared to $1.583m from those that don’t (28 percent more).
This represents a unique opportunity for businesses to better mitigate damages, the report further claims, stating that just around half (46 percent) of businesses reveal a breach proactively. Almost a third (30 percent) that suffered an incident decided to keep it under wraps, while a quarter (24 percent) tried to hide the incident but it ended up leaking to the media.
“Proactive disclosure can help turn things around in a company’s favor – and it goes beyond just the financial impact. If customers know what happened firsthand, they are likelier to maintain their trust in the brand. Also, the company can give its clients recommendations on what to do next so that they can keep their assets protected. The company can also tell their side of the story by sharing reliable and correct information with the media, instead of publications relying on third-party sources that may depict the situation incorrectly,” commented Yana Shevchenko, Senior Product Marketing Manager at Kaspersky.