Would you put a $100 fence around a $10,000 horse?
Does it make sense to put a $10,000 fence around a $100 horse?
The same concepts apply to protecting your data. What is your data worth?
There are numerous examples of a company being audited for HIPAA compliance by a venture capital firm that wanted to invest in it, or when one company wanted to purchase a healthcare company. In all these cases, HIPAA compliance was worth millions of dollars.
We asked a client what the financial impact on their business would be if they lost the sensitive personal data they had collected about business partners and had to notify everyone. The owner said they would be out of business, costing millions of dollars.
Breaches result in lawsuits, with settlements in the millions. If you are a licensed or certified professional, you can lose your license or certification if you are breached.
Federal HIPAA penalties in 2014 – 2015 were $14 million. In 2016 – 2017 they tripled to $42 million. In 2018, they have already reached $7.9 million.
Instead of words and images in a computer, think of your data as a pile of gold bars that is worth protecting.
- What data do you have that is regulated, that you must protect to comply with laws and other regulations?
- What fines and lawsuit judgments might you face if your data is breached?
- Beyond HIPAA, which protects patient information, do you know the state data breach laws that apply to employee data?
- Do you know the regulations that protect credit card data?
- Do you have enough of the right type of insurance to protect your finances if you are breached?
As part of our assessments, we search the Dark Web (the criminal side of the Internet) to see if our clients have employee passwords for sale by hackers. Over 90% have had at least one employee’s credentials stolen and offered for sale.
Most of our clients start out not knowing the value of their risks. They hadn’t approved IT security purchases, because the costs were high, and they didn’t know if security was worth the investment.
So, how much should you invest in protecting your data?
Number of Patient Records x $408 (cost per record of a breach) = $________________ in risk.
Example: 25,000 records x $408 = $10.2 million. (If this number startles you, imagine if your costs were only 25% of the total, which is still $2.5 million.)
Other ways to put a dollar value on your risk
- How much would a breach affect the market value of your business?
- How much investment capital do you need for expansion?
- Personally, what would your retirement look like if you had to pay $1 million, $2 million, or more, to cover the costs of a breach?
- What would your life be like if you went out of business?
Know the value of your cyber security risk. Do the math.
Ask your IT department, or an outsourced independent IT security consultant, to assess your risks, and recommend what you need to be fully protected. Our assessments calculate your risks based on dollars, and provide ‘under the skin’ data about the current status of your security. Don’t settle for guesses.
Base your security investment on the value of your risks, not just the general idea that your data needs to be protected.