The Cost of a Breach: 10 Terrifying Cybersecurity Stats Your MSP’s Customers Need to Know

As a managed service provider (MSP), you know cybersecurity is a big deal. For SMBs, a breach could mean extensive damage and cost, potentially causing businesses to close their doors permanently. Your customers—even the ones that didn’t heed your warnings—will look to you as their IT provider for answers and wonder if you could have done more to prevent the attack or mitigate the damage. It’s no secret that this lost trust will harm your customer relations and your brand, ultimately putting your MSP in jeopardy.

How can you tackle the cybersecurity conversation with your clients and convince them they need to be prepared?

The scary reality is, if your customers aren’t prepared for a cyberattack, they could lose everything—and ultimately, so could you. Here, we’ve compiled stats to help you illustrate the reality of the cybersecurity threat to your customers and spark action.

10. Cybersecurity should be top-of-mind for businesses. Everybody is a potential target.

The global information security market is forecasted to reach $170.4 billion in 2022, according to Gartner. And while that number is so large it’s hard to wrap your head around it, here’s another stat that might hit closer to home. According to Cybint, 95% of cybersecurity breaches are caused by human error, meaning they were likely preventable. Yes, you read that right. Would that catch your customer’s attention?

9. When a security breach occurs, companies have to hit pause, losing precious time and revenue. This hits small businesses especially hard.

Lost business costs account for nearly 40% of the average total cost of a data breach, increasing from $1.42 million in 2019 to $1.52 million in 2020. On average, companies in 2020 required 207 days to identify and 73 days to contain a breach, for a “lifecycle” of 280 days.
(Source: IBM & Ponemon Cost of a Data Breach Report 2020)

8. Depending on the type of information that was compromised, businesses may be on the hook for legal fees.

If a settlement is in the works, a small business could be in limbo for quite some time. It’s common for 3 to 5 years to pass between a breach and a settlement. During that time, the company is paying legal fees, expenses and filing costs—not to mention the cost of the actual settlement.
(Source: Revision Legal)

7. If a company has broken a cybersecurity law, they could also be subject to penalties and fines.

Violating cybersecurity laws is an expensive and disruptive process. Do your customers know if they are in compliance with current regulations?

  • Health Insurance Portability and Accountability Act (HIPAA) fines are calculated based on the number of medical records exposed with fines ranging from $50 to $50,000 per record. 
  • Gramm-Leach-Bliley Act (GLBA) requires companies offering consumers financial products to explain their information-sharing practices and safeguard sensitive data. Fines can be as high as $100,000 for each violation, and the officers and directors of the organization may be fined up to $10,000 personally.
  • General Data Protection Regulation (GDPR) mandates the use of encryption and is especially punitive, with fines potentially totaling tens of millions of dollars.
  • Being in breach of the Payment Card Industry Data Security Standard (PCI DSS) exposes organizations to minimum fines of $5,000 per month and maximum fines of $100,000 per month.

(Source: CyberInsureOne)

6. If a company is found liable for the leaked information, victims could request compensation.

Perhaps the most sizable example is the Equifax breach that occurred in 2017. Two years later, Equifax agreed to pay nearly $700 million to settle federal and state investigations into how it handled a massive data breach that affected nearly 150 million people. 

The settlement included $425 million to directly help consumers affected by the breach. The restitution fund started with $300 million dedicated to consumer compensation, with an additional $125 million if the initial funds ran out. 

5. When a company is dealing with a data breach, normal everyday business can fall through the cracks. Lost sales result in lost profits and a very lean bottom line.

Significant revenue loss as a result of a cybersecurity breach is common. Studies show that 29% of businesses that face a data breach end up losing revenue. Of that lost revenue, 38% experienced a loss of 20% or more.
(Source: The Ame Group)

4. Identifying the breach is one thing, but remediating the situation is an entirely different animal—and the less prepared your customer, the more expensive it will be.

Remind your customers that the best defense is often a good offense. The cost of remediation can skyrocket as companies:

  • Document the attack
  • Quarantine compromised hardware and software
  • Contain and eliminate the threat
  • Analyze activity logs
  • Fix the vulnerability that caused the breach
  • Repair or replace infected systems
  • Implement security improvements 

And ransomware significantly adds to this cost, tacking on an average of nearly $150,000!
(Source: Field Effect)

3. And when operations are subpar, your client starts to lose customers.

Eighty percent of breached organizations state that customer personally identifiable information (PII) was compromised during the breach. While the average cost per lost or stolen record was $146 across all data breaches, those containing customer PII cost businesses $150 per record—as well as the threat of customers losing faith in the company and turning elsewhere.
(Source: IBM & Ponemon Cost of a Data Breach Report 2020)

2. A breach can damage your customer’s reputation—and it can take years to recover.

The biggest cost of a cyberattack is reputation. Deloitte determined that up to 90% of the total costs in a cyberattack occur beneath the surface. Hidden costs, like damaged credibility, can affect a business for years after a breach. What’s more, loss of trust in the business, diminished brand reputation and increased costs concerning debt financing are not covered by insurance. 
(Source: Deloitte)

1. In a worst-case scenario, your customer can lose their entire business.

If everything listed above happens, it can be hard to keep a business afloat. This is especially true for small businesses, which is why 60% of small businesses that are victims of a cyberattack go out of business within six months.
(Source: Fundera)

These statistics tell a story—and it’s a pretty scary one. One (or more) of these situations can easily happen to your customers if they aren’t prepared. But they can also happen to your technology company if you’re not practicing what you preach—creating a scenario that not only puts your business in jeopardy, but likely exposes sensitive customer data to cyber criminals, which can exponentially compound the negative impacts of a breach. Look no further than the Kaseya ransomware attack that impacted the MSP community in July 2021.

At the end of the day, being the example of a security-focused MSP not only protects your business, but it also adds an additional layer of protection to your customers and encourages them to take the cybersecurity steps you recommend.

The CompTIA ISAO Supports Security-focused MSPs

To help tech companies accelerate their cyber resilience, the CompTIA Information Sharing and Analysis Organization (ISAO) tailors proactive cyber threat intelligence and actionable analysis to meet the needs of MSPs, solution providers, technology vendors, and their customers. CompTIA ISAO members also gain access to a trusted community of peers where you can share cybersecurity information and best practices.

Learn more about how ISAOs help businesses improve their cyber resilience.

You can’t be proactive if you don’t know the potential for a problem exists. You can’t take preventative measures if you don’t know what’s happening in the threat landscape. CompTIA ISAO membership keeps you informed and prepared, making it a cornerstone of a technology company’s strong cybersecurity practice.

Learn more about the benefits of CompTIA ISAO membership.

Join the CompTIA ISAO

The CompTIA ISAO provides actionable threat intelligence to MSPs, solution providers and technology vendors. Protect your customers and your business by joining the fight now. Become a CompTIA ISAO member.

