Privacy breaches are a reality that all organizations need to protect themselves against regardless of industry or size – and it’s an area of business that must not fall into complacency. As the ways in which we work continue to change and new tools and methods of conducting business evolve, cyber threats only grow more severe as hackers find sophisticated new ways to exploit sensitive information.

Privacy Breaches Lead to Substantial Costs

Like other forms of theft, privacy breaches are extremely costly to investigate and contain, plus they create long-term financial impacts from lost revenue, bad publicity and regulatory fines. According to the latest Ponemon Institute and IBM Security Cost of a Data Breach Report, the average cost of a privacy breach reached $3.86 million in 2020, which is a 10% increase over the last five years.

Slow Breach Response Times Increase Costs

Being slow to identify and contain a breach does have significant financial consequences for companies. According to the study, the average time to detect and contain a breach in 2020 was 280 days, but breaches caused by malicious attacks took 315 days.

Considering that the average cost of a lost or stolen record was $146 across all data breaches, think of the damage that could be done to your business in that time. The stakes are even higher for lost or stolen records containing customer personally identifiable information (PII), which accounted for 80% of breaches in 2020.

Unprepared Organizations Do Pay More

Organizations without a response plan do experience greater losses compared to those with precautions already in place. Companies that were able to detect and contain a breach in under 200 days spent an average of $1.12 million less on a privacy breach.

Privacy Breaches Have Lasting Impacts

A privacy breach is not a quick one-time event – the consequences unravel for years after an attack. According to the study’s long-term cost analysis, an average of 61% of data breach costs are incurred during the first year, followed by 24% in the second year and 15% after two years.

While large corporations may be able to survive the aftermath of a breach, smaller businesses – especially those in competitive industries – may not be able to withstand the impacts.

Factors That Make Privacy Breaches So Costly

Privacy breaches are financially devastating because they affect numerous aspects of an organization’s operations for long periods, including:

Lost Business

Lost business alone accounted for 39.4% of the average total cost of a data breach in 2020 and is a by-product of increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to a diminished reputation.

Detection and Escalation

When an attack occurs, resources must be diverted to cover the detection and escalation of a breach, which may include forensic and investigative costs, audit services and crisis management. Within the last year, businesses have spent 28.8% of the average total cost of a breach to carry out these important activities.


Notification

Time must be taken away from revenue-generating responsibilities to ensure that proper notification is provided to data subjects, data protection regulators and other third parties once a breach has occurred. This accounted for an average of 6.2% of the total data breach costs in 2020.

Post-data Breach Response Plan

A post-data breach response plan provides aid to victims of a breach. Costs may include credit monitoring and identity protection services, the issuing of new accounts or credit cards and product discounts. Legal expenditures and regulatory fines can also push costs much higher than expected. Altogether, post-breach response accounted for 25.6% of the average total cost of a breach last year.

Reduce Your Company’s Risk of a Privacy Breach

Cyber thieves are constantly evolving creative methods to steal confidential data and all organizations and industries are potential targets. Protect your business from a costly privacy breach by taking Blue-Pencil’s Information Security Risk Assessment to identify your organization’s biggest security gaps.


Blue-Pencil helps thousands of Greater Toronto Area businesses shred their private information each year and protect it from a security breach.