Cost of a Data Breach vs. Hard Drive Crusher: How You Can Save Millions

In the age of big data, data breaches are, unfortunately, no longer a question of “if” but “when.” As we get deeper into the digital age, hackers and thieves no longer need to breach a facility’s physical barriers in order to steal your or your clients’ personally identifiable information (PII). Instead, they can access your confidential information by hacking the cloud, phishing company employees via email and using other more advanced virtual methods, with some resorting to the tried and true techniques of dumpster diving or surfing eBay for hard drives.

Data Breaches

From January to June 2019, there were more than 3,800 publicly disclosed data breaches that resulted in 4.1 billion records being compromised. That’s only within a six-month time window. While the rate of data breaches so far is slightly lower in 2020, there’s no real sign of it slowing down. For example, in July of this year, financial institution Morgan Stanley came under fire for an alleged data breach of their clients’ financial information after an ITAD (IT asset disposition) vendor misplaced various pieces of computer equipment storing customers’ personally identifiable information over four years.

As we’ve stated in previous blogs, introducing third-party data sanitization vendors into your end-of-life destruction procedure significantly lengthens the chain of custody, meaning that companies face a far higher risk of data breaches every step of the way. There have even been reports of some vendors selling end-of-life devices and their sensitive information to online third parties.

As the number of data breaches increases every year, so does the cost. According to the annual Cost of a Data Breach Report by IBM and Ponemon Institute, the cost of an average data breach in 2020 is $3.86m, a 10% rise over the past five years. These costs range from money lost and reputation maintenance to regulatory fines and ransomware, among other direct and indirect costs. In addition, state privacy lawyers may also need to be hired depending on the company’s client demographic, which adds further costs.

The most expensive type of record is client PII, and the least expensive type is employee PII, with healthcare taking the cake as the number one industry in terms of the average cost of a data breach. In the U.S., organizations pay on average $8.9m per data breach, averaging approximately $146.00 per compromised record. For reference, a one terabyte (1TB) hard drive can hold up to 310,000 photos, 500 hours of HD video, 1,700 hours of music and upwards of 6.5 million document pages. Multiply those document pages by the average cost per record, and you have a hefty, burning hole in your company’s pockets.

Important Statistics

On average, 61% of data breach costs are within the first year, with 24% in the next 12-24 months and the remaining 15% more than two years later. Because of this statistic, it is essential to remember that there is no statute of limitations when it comes to data breaches. Companies with proper data security and end-of-life data destruction methods are likely to pay less in the case of a data breach. Still, for those with little or no protection methods in place, the cost could be astronomical. Take, for instance, British Airlines and Marriott: the two companies suffered data breaches in 2018 that cost them both upwards of $300m.

According to the IBM report, it can take about 280 days for a company to identify and contain a data breach. Unfortunately, some companies may not be aware of these data breaches within that time, increasing the cost of the prolonged breach. Marriott and Morgan Stanley only discovered their data breaches after they had both been hacked over four years. In cases like these, time really is money.

The consequences of improper data destruction are endless. It’s why we at SEM stress that companies handling confidential information opt for in-house end-of-life destruction as their sole destruction method. By purchasing an in-house IT crusher, such as our Model 0101 Automatic Hard Drive Crusher, companies have complete oversight and can be certain that their clients’ information has been securely destroyed. But, as we’ve learned, a reactionary approach is not enough.

Our Model 0101

Our Model 0101 can destroy all hard drives regardless of size, format or type up to 1.85” high, including desktop, laptop and server drives. With a simple push of a button, our crusher delivers 12,000 pounds of force via a conical punch that causes catastrophic damage to the drive and its internal platter, rendering it completely inoperable. That’s a lot of force. This model has a durability rating from the National Security Agency (NSA) of 204 drives per hour but has the ability to destroy up to 2,250 laptop drives per hour.

When comparing the cost of our Model 0101 at around $5,000 (and an average lifespan of ten years) to a possible data breach resulting in millions of dollars, the right answer should be simple: by purchasing in-house end-of-life data destruction equipment, your company is making the most cost-effective, safest and most secure decision. Think of it as VERY inexpensive insurance!

At SEM, we have an array of high-quality NSA-listed/CUI and unclassified magnetic media degaussers, IT crushers and enterprise IT shredders to meet any regulation. In addition, any one of our exceptional sales team members is more than happy to answer any questions you may have and help determine which machine will best meet your destruction needs.
