Facebook recently bought WhatsApp for $19 billion. With around 450 million active users at the time of the deal, the “value per user” is $42.
There is not only one reason why Facebook bought WhatsApp, but one of the main reasons is the huge value of the database. WhatsApp counts many users in developing countries, which is quite interesting for Facebook.

eCRM programs and eCommerce websites also deal with invaluable loads of data. Well, not really invaluable, since some formulas exist and can give you a “value per consumer account”.

The goal here is not to compare every bit of data to money, but just to realize that some big companies know perfectly well how precious their consumers’ data is.
None of these companies would survive without their data, and all of them would really suffer from data incidents.

No matter how big your business is, no matter how many users/consumers/customers you have, your web business is tightly linked to the health and safety of that data.

Think of online healthcare services, like web applications allowing patients to view the results of medical tests. What if a data leak happens, and some script kiddies are able to break into these systems and retrieve the database to make it public or use it to blackmail people?
There’s in fact no need to focus on healthcare websites: the vast majority of web applications that use a database deal with personal data, at least logins and passwords. These are very precious to users, who unfortunately often use the same password on multiple websites.
No matter how big you are, data deserves security.

The cost of data insecurity

Every case is specific: the consequences will depend on your own business, and a real risk analysis would be required to determine the potential impacts.

As a first step, think of the data you have in your website, and consider what would happen in the following scenarios:

  • complete database deletion
  • data theft (silently, without you knowing it)
  • data alteration or modification

In any case, you might face user complaints, business loss, business theft if a competitor gets the data, and brand damage.

What’s the cost of security?

The cost of security is obviously less than the cost of insecurity. As in any risk management strategy, it does not protect from all risks, if only because no one can actually identify 100% of the risks, but it’s vital.
Security should begin with a risk analysis to identify threats (and opportunities), and be followed by a security plan, tailor-made to meet the needs of the company.

When you know that a complete penetration test on an average-size web application costs a few thousand euros/dollars, and that a data theft caused by a simple injection flaw can ruin a company, it does not take long to decide which option to go with.