In 2014, the data management and protection company EMC Corp. published the results of a global survey, which compiled the responses of 3,200 IT and decision makers. The report suggests that data loss and downtime cost businesses a total of $1.7 trillion annually.
But money is only part of the equation; what about time and productivity?
When you include these elements, the actual cost of data loss is not easy to quantify.
The volume of data lost by companies increased by 400% between 2013 and 2014. Trends such as increased use of the cloud and mobile devices in the workplace are partly responsible – EMC reports that 62% of respondents reported that these new types of storage environments are difficult to protect and 51% do not have a post-DR plan for these environments.
IT Web reports that the cost of data breaches and data loss will reach $2.1 trillion by 2019 as data from consumers and businesses digitises. Juniper Research indicated that most of these data breaches would come from existing network infrastructure and computer systems, rather than emerging technologies.
A 2016 report by Verizon Enterprise on situations resulting in data loss suggests that small data mishaps involve an average cost of $18,120 to $35,730, up to $555,660. Larger violations resulting in data loss cost an average of $5 million to $15.6 million and can reach up to a staggering $200 million.
Although experts do not agree on the figures (or how to measure the exact cost of data loss) it is clear that the loss of information entails a significant financial loss.
When it comes to data loss, money is only the tip of the iceberg. Loss of productivity is an indirect consequence of data loss and can be extremely problematic for businesses. This can occur when networks become slow or unresponsive, requiring employees to work offline. In addition, if employees are looking for lost data this can considerably reduce productivity. Even when the IT infrastructure is idling, companies still pay for network, storage and employee salaries.
The impact of downtime
Time is something else that is lost during a data breach or leak, as recovering lost data can take several hours or even days. During the recovery process, it is common that for no new work to be completed during the downtime, grinding businesses to a halt and having a significant effect on revenue. Recovery efforts may also halt any development of products or services, delaying marketing and sales efforts.
Antoine Valette, business manager, Kroll Ontrack France, says: “We understand the vital importance for companies to recover their data within a very tight deadline, so our teams are mobilised 24/7.”
Fines and convictions
Loss of data may also result in a fine or a judicial inquiry into the practices of storage and securing of information. In some cases, this may result in a court conviction by authorities, who will be able to fine companies up to 5% of their turnover under the forthcoming GDPR legislation, resulting in a further increase in the cost of data breach. Recently, Windows 10 in the US attacked the global computer giant Microsoft and demanded several million dollars worth of damages over the ‘forced’ installation of Windows 10 that could have damaged their hardware and led to the loss of their data.
Threats to company data
There are many ways for a company to lose its data: Data breaches caused by malicious intent. In recent years we have seen the explosion of data thefts and ransomware.
David Logue, an engineer and ransomware expert, Kroll Ontrack, says: “At Kroll Ontrack, we advise not to pay the ransom. Very often victims who pay for their data have never received it back in return. Over the years, we have developed specialist software and tools to decipher ransomed data. There are several methods used to tackle different strains of ransomware – we have identified over 225 strains and defined decryption processes for more than 80 of them. However, the creators of this type of malware are constantly developing new strains to target users. That is why it is important to have a good backup and recovery plan and make sure that backups are tested regularly. Businesses should also inform their users about what a potential ransomware attack might look like to try and prevent systems becoming infected.”
Rogue employees. In some cases, disgruntled former employees still have access to network systems. According to Heimdal Security, 59% of employees steal proprietary business data when they leave or are laid off. Sometimes, employees with good intentions will accidentally violate data security policies by attempting to perform assigned tasks using technological services that are not approved by local IT administrators.
Data loss can also occur due to hardware failure, software compatibility issues, or systems and cloud interactions. Mobile devices, on the other hand, have another problem. Many employees prefer to use personal devices to access corporate files and now require the ability to work at home and at the office. As a result, very sensitive business information is often transmitted over home wireless networks or even public connections, putting such data at risk. Here, loss prevention focuses on two policies: network control and authentication. Data should only be transmitted over secure networks and users should be required to use at least two-factor authentication to reduce the chance of access if a mobile device is lost or stolen.
Managing large amounts of data
Companies are often keen to store as much data as possible for as long as necessary. This results in masses of data that contains significant quantities of personal and business information.
“It is not uncommon for a customer to tell us that their company owns a hundred or so ten-year backup tapes in a storage room and does not know what information is stored on them,” says Valette. “Regulated trades such as the banking and healthcare sectors must guarantee access to certain data for a certain time for legal reasons. They are obliged not only to retain the physical media, but also to keep costly systems running which are needed to restore the data.”
According to a recent global study conducted by Kroll Ontrack LLC among 720 IT administrators, 37% of companies simultaneously operate multiple backup systems, which considerably increases the cost and complexity of data management. In addition, 34% of businesses plan to replace their backup systems within two years, increasing the number of systems to be managed.
“For multiple systems to be managed, it is necessary to evaluate the strategies for managing archived data and it becomes imperative to take the appropriate decisions to ensure secure access to, safeguarding, migrating and removing data,” adds Valette.
Kroll Ontrack conducted the world’s first data recovery in 1987 and continuing to be at the forefront of technological advances thanks to its 200 R&D engineers. This enables the recovery of data for individuals and companies from all types of backup systems, including: HDDs, SSDs, servers, smartphones, tablets, flash memory, magnetic tapes, computers and laptops, virtual systems, RAID systems, NAS, SAN, DAS, Apple devices and cloud storage systems.
“For nearly 30 years, our engineers have been working on data loss issues and accumulating success stories. They have come to the conclusion that data is recoverable in most cases, under all circumstances. If you lose data, ask a qualified expert for advice on what to do before doing anything yourself. There is often a discrepancy between perception and reality: 78% of customers we surveyed thought that their data loss came from a hardware problem, however, we actually find that only 56% of data loss situations result from hardware problems,” explains Valette.
How to protect yourself against data loss
With many different costs and causes, it seems very difficult for companies to fight against the scoure of data loss, but some actions can be taken to reduce risk.
Firstly, safeguarding data within companies should be reviewed and checked on a regular basis. This can be done on-site or via a cloud-based storage facility, which provides the benefit of faster recovery times in the event of data loss.
Employees should also be aware of the importance of preventing data loss and how to avoid common errors, such as opening unknown attachments or downloading applications from unknown sources.
The development of a set of data classification standards to identify data that is essential for day-to-day operations and to ensure that this information has the highest recovery priority in case of data loss.
Restricting access to protect data: ensuring that only employees and managers directly involved in a project have access to relevant information. The actual cost of data loss is a combination of money, time and reduced productivity. Avoiding data loss involves identifying potential threats and building a data loss prevention policy to prevent issues from happening.