JoTo PR: Average U.S. Security Breach Costs $7.35M; Crisis Management a Critical Expense


Last year, 2.6 billion records were compromised in 1,765 security breaches, costing businesses millions of dollars. Karla Jo Helms of JoTo PR explores data breaches by the numbers and examines how PR and crisis management can impact the costs.

Karla Jo Helms, CEO of JoTo PR, discusses the risk of cutting corners in the case of a security breach.

More than 2.6 billion digital records were lost, stolen or exposed last year in 1,765 data breach incidents, including 1,453 in the United States.(1) Each breach cost U.S. businesses an average of $7.35 million—nearly 10% more than the 2016 average of $6.69 million;(2) and Equifax alone has already spent over $242.7 million to address last year’s massive data theft.(3) Karla Jo Helms, founder and CEO of JoTo PR, aims to educate businesses on the costs and repercussions of security breaches, as well as steps to prevent them. In light of hefty crisis management expenses, she recommends proactive public relations efforts as a cost-effective way to manage brand reputation and help mitigate crises before they escalate.

Despite ongoing advances in cybersecurity, data breaches continue to occur—and reoccur—with alarming regularity. Companies that suffered a successful attack in 2017 have a 27.7% likelihood of experiencing another data breach within 24 months.(2) It takes businesses an average of 191 days to detect a data breach and 66 days to contain it.(2) Within the United States, the average costs of each data breach include:

  • $1.07 million for detection and escalation, including investigation, assessment, auditing and crisis team management;
  • $690,000 to notify customers, including creating a contact database, postage and other communication costs, and engaging outside experts;
  • $1.56 million for post-breach response, including customer support, legal fees, remediation, regulatory interventions and inbound communications; and
  • $4.13 million in lost business costs, including high levels of customer turnover, increased customer acquisition costs, reputational damage and loss of goodwill.(2)

“Though companies may balk at the expense of IT security and other proactive and preventative measures, they’re far less costly than a data breach,” noted Helms. “In Equifax’s case, the company has already recorded hundreds of millions of dollars in losses; and when lawsuits are factored in, the total could run into billions. Certain expenses are unavoidable—such as repairing the breach and attempting to make things right for customers—but businesses should also budget for crisis management expertise from the moment a breach is discovered. Those who delay or cut corners could soon find themselves facing a PR disaster of far greater magnitude…as well as skyrocketing costs.”

Equifax has received harsh criticism for the poor handling of its 2017 breach,(4) which impacted 147.7 million Americans.(1) The company waited nearly six weeks before announcing the breach, which was discovered July 29, and three of its executives sold off nearly $2 million in shares in the interim. Instead of reaching out directly to impacted consumers, Equifax set up a website—but it wasn’t ready for days. When the company offered free credit-monitoring services to those affected by the breach, it initially required enrollees to waive their right to sue. And after Equifax’s initial September 7 statement, CEO Richard Smith did not publicly address the matter for nearly a week, until he published an op-ed piece in USA Today on September 13.(4)

“The PR nightmare that followed this breach was largely of Equifax’s own making,” asserted Helms. “Beyond allowing the hack to happen and failing to encrypt personally identifiable information, Equifax’s lack of transparency, ineffectual communications and focus on profits over people made the company seem careless, bumbling, greedy and insensitive to consumers’ plight. Better crisis-management efforts and a customer-first response could have saved Equifax’s reputation from taking such a hit; consumers may have been more forgiving if they believed Equifax cared as much about their losses as its own. Likewise, proactive public relations could have gone a long way in establishing goodwill and reducing lost business—which accounts for more than half of the costs of each data breach.”

Helms says there are several important steps companies can take to mitigate financial and reputational damage in the event of a data breach:
1. Encrypt all sensitive data, which protects customers’ personal information and renders it useless to hackers. Among the data breaches recorded in 2017, only 3.1% involved encrypted data—the rest of the files were completely vulnerable.(1)
2. Securely store and manage all encryption keys to keep them out of the hands of cybercriminals.
3. Control access to data and encryption keys, and require authentication of all users. While malicious outsiders perpetrate 72% of data breaches, 9% are the work of malicious insiders.(1)
4. Maintain a relationship with an experienced crisis management firm. When a crisis strikes, you need to have a plan of action ready to go—and it’s best if that plan comes from an expert who fully understands your business and customers.
5. Engage in proactive public relations on an ongoing basis. This not only helps to improve brand reputation, but it can help foster a positive connection between consumers and a business that makes them want to believe the best of a company.

“Market growth, market positioning and competitor dynamics are the fiercest indicators of a company’s health and valuation,” says Helms. “Proactive PR tactics can bring these to life—and can help a company blunt reputational crisis’ hemorrhaging.”

JoTo embraces a nonconventional approach to public relations, with Helms serving as the company’s Chief Evangelist and Anti-PR Strategist. She has identified three key stages to achieve return on investment (ROI) in PR: disruption, exposure and influence. By parlaying these tools in combination with JoTo’s extensive crisis management expertise, Helms has earned a reputation for developing highly effective proactive campaigns.

About JoTo PR:
After doing marketing research on a cross-section majority of 5,000 CEOs of fast-growth trajectory companies and finding out exactly how they used PR, how they measured it and how they wanted the PR industry to be different, PR veteran and innovator Karla Jo Helms created JoTo PR and established its entire business model on those research findings. Helms is the Chief Evangelist and Anti-PR Strategist for JoTo PR. Experienced in crisis management, she learned firsthand how unforgiving business can be when millions of dollars are on the line—and how the control of public opinion often determines whether one company is happily chosen, or another is brutally rejected. Astute in recognizing industry changes since its launch in 2009, JoTo PR’s team utilizes newly established patterns to create timely PR campaigns comprising both traditional and the latest proven digital media methods. This unique skill enables them to continue to increase market share and improve return on investment (ROI) for their clients, year after year—beating usual industry standards. Based in Tampa Bay, Florida, JoTo PR is an established international public relations agency. Today, all processes of the agency are streamlined PR services that have become the hallmark of the JoTo PR name. For more information, visit JoTo PR online at

(1)    Gemalto. 2017 Breach Level Index Report; April 11, 2018.
(2)    Ponemon Institute. 2017 Cost of Data Breach Study; report sponsored by IBM Security; June 2017.
(3)    Equifax. “Equifax Releases First Quarter Results”; press release issued April 25, 2018.
(4)    Wiener-Bronner, Danielle. “Equifax Turned Its Hack Into a Public Relations Catastrophe”; CNN Money; September 13, 2017.

Contact Author

Karla Jo Helms
+1 727-777-4621