Cost of a Data Breach vs. Hard Drive Crusher: How You Can Save Millions

October 6, 2020 at 8:15 am by Amanda Canale

In the age of Big Data, data breaches are, unfortunately, no longer a possibility of “if” but “when.” As we get deeper into the digital age, hackers and thieves no longer need to breach a facility’s physical barriers in order to steal your or your clients’ personally identifiable information (PII). They can access your confidential information through hacking the cloud, phishing company employees via email, and other more advanced virtual methods, with some resorting to the tried and true methods of dumpster diving or surfing eBay for hard drives.

From January to June 2019 there were more than 3,800 publicly disclosed data breaches that resulted in 4.1 billion records being compromised. That’s only within a six-month time window. While the rate of data breaches so far is slightly lower in 2020, there’s no real sign of it slowing down. For example, in July of this year, financial institution Morgan Stanley came under fire for an alleged data breach of their clients’ financial information after an ITAD (IT asset disposition) vendor misplaced various pieces of computer equipment storing customers’ personally identifiable information over a period of four years.

As we’ve stated in previous blogs, introducing third-party data sanitization vendors into your end-of-life destruction procedure significantly lengthens the chain of custody, meaning that companies face a far higher risk of data breaches every step of the way. There have even been reports of some vendors selling end-of-life devices and their sensitive information to online third parties.

As the number of data breaches increases every year, so does the cost. According to the IBM and Ponemon Institute report, the cost of an average data breach in 2020 is $3.86 million, a 10% rise over the past five years. These costs range from money lost and reputation maintenance to regulatory fines and ransomware, among other direct and indirect costs. Depending on the company’s client demographic, state privacy lawyers may also need to be hired, which adds further costs.

The most expensive type of record is client PII and the least expensive type is employee PII, with healthcare taking the cake as the number one industry in terms of average cost of a data breach. In the U.S., organizations pay on average $8.9 million per data breach, averaging out to approximately $146.00 per compromised record. For reference, a one terabyte (1TB) hard drive can hold up to 310,000 photos, 500 hours of HD video, 1,700 hours of music, and upwards of 6.5 million document pages. Multiply those document pages by the average cost per record and you have a hefty, burning hole in your company’s pockets.

On average, 61% of data breach costs are within the first year, with 24% in the next 12-24 months, and the remaining 15% more than two years later. It is because of this statistic that it is important to remember that there is no statute of limitations when it comes to data breaches. Companies with proper data security and end-of-life data destruction methods are likely to pay less in the case of a data breach, but for those with little or no protection methods in place, the cost could be astronomical. Take, for instance, British Airlines and Marriott: the two companies suffered data breaches in 2018 that cost them both upwards of $300 million.

According to the IBM report, it can take about 280 days for a company to identify and contain a data breach. Unfortunately, some companies may not be aware of these data breaches within that time, which can increase the cost of the prolonged breach. Marriott and Morgan Stanley had only discovered their data breaches after they had both been hacked over a four-year period. In cases like these, time really is money.

The consequences of improper data destruction are endless. It’s why we at SEM stress that companies handling confidential information opt for in-house end-of-life destruction as their sole destruction method. By purchasing an in-house IT crusher, such as our Model 0101 Automatic Hard Drive Crusher, companies have complete oversight and can be certain that their clients’ information has been securely destroyed. As we’ve learned, a reactionary approach is simply not enough.

Our Model 0101 has the capability to destroy all hard drives regardless of size, format, or type up to 1.85” high, which includes desktop, laptop, and server drives. With a simple push of a button, our crusher delivers 12,000 pounds of force via a conical punch that causes catastrophic damage to the drive and its internal platter, rendering it completely inoperable. That’s a lot of force. This model has a durability rating from the National Security Agency (NSA) of 204 drives per hour but has the ability to destroy up to 2,250 laptop drives per hour.

When comparing the cost of our Model 0101 at $5,066.88 (and an average lifespan of ten years) to a possible data breach resulting in millions of dollars, the right answer should be simple: by purchasing in-house end-of-life data destruction equipment, your company is making the most cost-effective, safest, and securest decision. Think of it as VERY inexpensive insurance!

At SEM we have an array of high-quality NSA listed/CUI and unclassified magnetic media degaussers, IT crushers, and enterprise IT shredders to meet any regulation. Any one of our exceptional sales team members is more than happy to help answer any questions you may have and help determine which machine will best meet your destruction needs.

For more information on how maximizing every square foot of your facility with in-house data destruction is the best financial investment when it comes to proper data security, you can hear from Ben Figueroa, SEM’s Global Commercial Sales Director, below.