There’s Value in Everything: Stop Underestimating the Value of Your Data on the Black Market
But no matter how much this vital information is worth to someone trying to steal it, the economic impact a data breach and the damage to your reputation is much, much worse.
Unfortunately, too many small and midsized businesses still seem to think they don’t have anything worth stealing—and those businesses are exact kind of companies that criminals love. Following our recent blogs on the misconception of being too small to hack and our article on the biggest threats on the horizon according to Experian, we would today like to look at just how much it could cost you to fail.
The Market for Your Data
$8 per record and $0.11 per credit card—it doesn’t sound like a lot, right? Well, take a second to think of how many customer records you have and start multiplying. This is how much your data is worth to a hacker—someone who may have just spent an afternoon, a day or a week working to breach your systems.
These data, sold on the dark web to the highest bidder, can bring in a healthy haul with much less work than a real job. Pair this with the increase of hacking and ransomware-as-a-service tools being sold and swapped on the dark web, it’s easier than ever for even a low-level criminal to get into the game.
According to Comparitech, who researched the prices of stolen credit cards, hacked PayPal accounts, and private Social Security numbers on more than 40 different dark web marketplaces, the average price of each U.S. citizen’s “fullz,” or complete information including name, date of birth, address, phone number, account numbers and other information is $8.
Though it’s unlikely you collect all of this information, “fullz” aren’t the only thing people are looking for. Stolen credit cards can reach prices of nearly $1000 per card and hacked PayPal accounts can garner nearly twice that. Among the findings:
- Americans have the cheapest fullz (full credentials), averaging $8 per record. Japan and the UAE have the most expensive identities at an average of $25.
- Prices for stolen credit cards range widely from $0.11 to $986.
- Hacked PayPal accounts range from $5 to $1,767.
- US and UK accounted for highest percentage of stolen credit cards which reflected in lower average price of $1.50 and $2.50 respectively.
- The median credit limit on a stolen credit card is 24 times the price of the card.
- The median account balance of a hacked PayPal account is 32 times the price on the dark web.
Even on the low end, an afternoon breach garnering 5,000 cards could bring in around $600, with much of the information being sold in dumps to anyone willing to pay. For the buyer, even one strike on the $600 paid could send them on a shopping spree for thousands using your customer’s information.
Cost of Ransomware Payments
Not only is there value in your information, there’s value in preventing you from accessing it. Ransomware continues to proliferate, and it’s easier than ever for criminals to access it. These can leave you paying a healthy ransom with no guarantee of freedom or paying a lot more for recovery and repairs than you otherwise would have paid for prevention.
In fact, according to Sentinel One, it’s estimated that ransomware has cost the United States more than $7.5 billion per year in recent years, with average ransom payments setting you back $40,000 or more. Add to this the costs of downtime, data loss, and more, and companies who fall victim to an attack might find themselves collapsing.
The Cost of a Breach to You
Knowing that cybercriminals have means, motive, and opportunity, your lax security can bring them a passable haul. But for you, the problems are just beginning. Data breaches can leave you in a world of hurt. From reputation damage to legal and regulatory liability, failure to protect data can cost you.
According to the IBM Cost of a Data Breach Report, the average time to identify and contain a data breach, or the “breach lifecycle,” was 280 days in 2020. Worldwide, this resulted in an average cost to companies reaching $3.86 million and nearly $9 million in the US.
For those with customers in California, a breach adds on even more. Failure to comply with the CCPA can result in significant sanctions, with statutory damages between $100 and 750 per record breached. Even using the 5,000 record number above, you could be on the hook for nearly $4 million.
From here, it gets worse. After all, you’re going to have to tell your customers. And this isn’t just resulting in more expenditures—but lower revenues. In most cases, this is where the problems really hit—it’s hard to pay for recovery when your name is tarnished and you can’t make a sale.
Prevention is Key (and Much Cheaper)
Regardless of what the infrastructure looks like – Cloud, on-premise, or a hybrid, having the right security posture will help you to avoid any of this fallout by securing the connections between multiple sites, ultimately keeping your users, customers, applications, and data safe.
At Virtually Managed IT Solutions LLC, we’re here to help. From network security to application and cloud security, our team will work to protect you and keep you from becoming another statistic. Get to know more about our security solutions, our network of esteemed partners, and contact us to learn more.