Disaster recovery planning must include informing data breach victims of their possible losses.

Study: Small businesses less likely to report data breaches

Business resumption is not always easy following a data breach, but it is important for companies to be as forthcoming as possible, as it will make the recovery process much easier for all parties involved.

According to a study by the Ponemon Institute, organizations averaged 52 fraud events in 2012, which averages out to one data breach per week. With the previous reports from 2011 showing that the average cost of a data breach was $194 per lost or stolen record, security issues can become expensive quickly.

The research explained that fraud is also costly because it often takes companies an average of 87 days to realize that there is a problem and more than three months to find its cause.

Another study by the Ponemon Institute found that small businesses in particular were less likely to report that a data breach had occurred. Of the 1,200 U.S. companies surveyed – all making less than $10 million annually – 55 percent reported at least one security issue.

However, a more disturbing fact was that only 33 percent of the compromised companies in the survey said they had informed data-breach victims of their losses.

Eric Cernak, a vice president at Hartford Steam Boiler, the Munich Re subsidiary that commissioned the Ponemon study, told Bloomberg Businessweek that some companies often think they're small enough that full disclosure isn't necessary. 

"They'll say: 'Let's just sweep this under the rug. We're not going to report it because no one's going to find out about it,'" he said.

In the long-run, it will not be beneficial for companies to try and make issues disappear. Customers will be even less likely to work with an organization if they find out such details were kept from them. By partnering with business continuity consultants, firms can create a detailed disaster recovery plan, which will help them bounce back as quickly as possible following any data breach.