Legal updates and opinions
Post Author
News / News
Average data breach costs SA companies R50m
With data breaches becoming commonplace it seems as if businesses need to now consider not whether they will be victims of a data breach but rather when.
People doing business with any company expect them to keep their data safe. So when there is a data breach it results in not only a large cost to the company but also a massive loss of trust by clients, many of whom will never deal with the company again.
Recent research by the US’s Ponemon Institute, which conducts independent research on data protection, showed that a data breach costs South African companies on average $3.06m or nearly R50m. By comparison, the average data breach in the UK costs $3.88m (R60m), Germany $4.78m (R73m) and in the United States, $8.19m (R130m), the most of all countries.
The costs of data breaches are so high because there are four cost components to any data breach:
- Detection and escalation; which are activities that enable companies to detect and report the breach.
- Notification; the activities the company must undertake to notify people whose data has been compromised, as well as informing regulators.
- Post data breach response; processes to help customers communicate with the company and also the related costs of redress
- Lost business; the largest single cost of a date breach at 36% of total cost. This includes lost business such as revenue loss, business disruption, system downtime and customer acquisition.
The research also showed that globally, the average cost of lost business after a data breach was $1.42m (R22m.)
When surveyed by Gemalto, a Dutch digital security company, nearly two-thirds of people indicated that they would likely end their relationship with a business after their personal information had been exposed. Such is the strong negative correlation between data breaches and customer loyalty.
But it’s not just a once off event and then it’s business as usual. There is an insidious long tail impact too that most organisations are not prepared for. Not only will a business likely continue to bleed customers for years after a breach, but it also deters customers who were considering using the company such is the damage to brand and reputation.
Can new customers be acquired?
Yes, but at a much higher cost than before the breach. This higher cost of acquisition is a long term phenomenon and an ongoing cost for companies which reduces profits. When businesses consider the full impact of a breach, they are likely to take much greater care to prevent it happening.
Latest News
Your customer consented to direct marketing – but can you still contact them after they have registered on the National Opt-Out Registry?
by Tebogo Sibidla, Director Many businesses assume that once a customer has consented to direct marketing, they may continue contacting [...]
Employers have rights too: Rebalancing the modern workplace
by Bradley Workman-Davies, Director South African labour law is often discussed through the lens of employee protection. That is unsurprising. [...]
From policy direction to regulation: Is South Africa finally achieving rapid deployment?
by Corlett Manaka, Director and Head of Disputes, Akhona Bilatyi, Director and Kuhle Joja, Associate In September 2024, we published [...]
South Africa: Merger Notification Thresholds and Filing Fees Increase from 1 May 2026
by Ahmore Burger-Smidt, Director and Head of Regulatory and Raisah O Mahomed, Associate South Africa's Minister of Trade, Industry and [...]
“Corporate Death by Winding-Up”: Pretoria High Court Reaffirms the Badenhorst Principle
by Eric Levenstein, Director and Head Insolvency & Business Rescue, Amy Mackechnie, Senior Associate and Clio Patricios, Candidate Attorney A [...]
South Africa’s Information Regulator: What the 2025/26 Annual Performance Plan means for Business (as presented to the Portfolio Committee on 5 May 2026
by Ahmore Burger-Smidt, Director and Head of Regulatory “It is only the inner sanctum of a person, such as his/her [...]
