Businesses that tend to proactively disclose security breaches are likely to suffer less financial damage than their peers who have security incidents leaked to the media, according to a new report by cyber security firm Kaspersky.

According to the Kaspersky report, ‘How businesses can minimize the cost of a data breach’, SMBs that decide to voluntarily inform their stakeholders and the public about a breach, on average, are likely suffer a 40 per cent less loss than their peers that saw the incident leaked to the media. The same tendency has also been found to be the case in enterprises, Kaspersky said.

“Failure to suitably inform the public about a data breach in a timely manner can make the financial and reputational consequences of a data breach more severe,” Kaspersky said.

The cost of the breach for SMBs that disclose a breach are estimated at $93,000 on an average while their peers who had the security incident leaked to the media suffered $155,000 in damage.

In the case of enterprises, those that voluntarily inform their audiences about a breach experienced 28 per cent less financial damage than those whose incidents were leaked to the press – $1.134 million compared to $1.583 million.

The report further showed that organisations that take ownership of the situation usually mitigate the damage.

As per the report, 46 per cent of businesses revealed a breach proactively as compared to 30 per cent who preferred not to disclose it. 24 per cent of companies had their security incidents leaked to the media.

29 per cent of SMBs that took over a week to identify that they had been breached found the news in the press as compared to 15 per cent that detected it almost immediately. These figures are similar for enterprises at 32 per cent and 19 per cent, respectively.

Trust matters

“Proactive disclosure can help turn things around in a company’s favour – and it goes beyond just the financial impact,” said Yana Shevchenko, Senior Product Marketing Manager at Kaspersky.

“If customers know what happened first hand, they are likely to maintain their trust in the brand. Also, the company can give its clients recommendations on what to do next so that they can keep their assets protected. The company can also tell their side of the story by sharing reliable and correct information with the media, instead of publications relying on third-party sources that may depict the situation incorrectly,” Shevchenko added.

The report is based on a global survey of more than 5,200 IT and cybersecurity practitioners.