The Ugly Truth: Cost of a Data Breach & Why PCI Compliance is Necessary

by P. Heaven

on August 5, 2019

Restaurant and retail merchants continue to be active targets for cybercriminals, and with the rising costs associated with a data breach, it’s important to know the scope of your risk and what it could mean to your bottom line. While a data breach may seem like something that will never affect your company specifically, it is far more common than you probably think. There were 1,903 data breach incidents reported in Q1 of 2019 alone, 43% of which occurred at small businesses. These incidents exposed 1.9 billion records.

Over the years, the average cost per record lost has increased 20% to an all-time high of $225. Of this sum, $146 accounts for lost customers and the remaining $79 represents the cost to resolve the breach in the way of legal fees, technology investments, and system updates. A small business breach within the United States costs an average of $117,000. In fact, research conducted by the National Cyber Security Alliance found that as much as 60% of hacked small and medium-sized companies go out of business after six months.

It doesn’t come as a surprise that the leading cause of a breach continues to be malicious and criminal activity. System glitches and human error (lack of employee training) share second place, each responsible for 24% of incidents. Not only are the majority of these occurrences done with malicious intent, this cause also happens to be the priciest of the three, ringing in at a whopping $244 per compromised record. In contrast, the costs associated with system glitches and human error are substantially less, at $209 and $200 respectively.

As of 2017, four new factors play a role in the cost analysis, most notably the presence of compliance failures, which increased the cost per record by $19.30. One way to combat a potential breach? Make sure you are adhering to all compliance requirements set forth by the PCI Security Standards Council. Of all investigated breaches from 2010 to 2016, not a single incident was PCI compliant at the time of the breach.

Relying on professionals with compliance and security experience can ease the burden and reduce your monetary risk.

Here are a few questions you should ask of compliance providers to get the most for your money:

  • Do you run quarterly scans to detect network or firewall weaknesses?
  • If a scan fails, do you help remediate the issues to reestablish security?
  • Is there assistance with the attestation of compliance?
  • What if I need a QSA to complete my attestation of compliance?
  • How do I know which self-assessment questionnaire I am required to complete?
  • Do you offer any assistance in training my employees properly to prevent a data breach?
  • Is there a resource, in the event of a breach or even for general questions, that can be utilized even after business hours?

NuArx has crafted a security solution that addresses all of the questions above and minimizes the responsibility associated with maintaining secure network compliance and lets you focus on other things – like running your business.

Knowing your company is secure and PCI compliant can make a world of difference in how far a breach penetrates your system. 80% of all victims of a security breach don’t know that they are compromised for a week or more. If you want to learn more about how to Protect your Brand | Business | Customers, give NuArx a call at (877) 556-8279 or visit

