Business - January 29, 2019
Every year, thousands of high-profile attacks are launched against enterprises of all sizes in the United States. Counting those driven by automated malware, there are millions of attempted network breaches each and every year.
Over the last decade, the frequency, size, quantity, and acceleration of attacks have continued to grow far beyond what was imaginable only a short time ago. Hackers now have countless targets to choose from: credit card data, corporate credentials, and Social Security information, among others.
Each enterprise has its own collection of sensitive data and assets that may come under attack at any time. While there is no way to precisely calculate the losses a given organization may suffer, there are three broad categories:
• Direct Costs
• Revenue Loss
• Business Disruption
Direct Costs of a Data Breach
It takes an average of more than 200 days for organizations to uncover a data breach once the earliest evidence is noticed. Outside actors notify organizations of a breach more than two-thirds of the time. It may cost millions to completely extract hackers (who may have had full data access for years), isolate affected systems, and protect sensitive information.
Consumers now expect most organizations that suffer a breach will offer credit monitoring to their affected users. Retail rates for these services range anywhere from $10 to $30 monthly for every customer. You may be paying such rates for years to come.
Class action lawsuits follow virtually every noteworthy data breach. These not only result in tens of millions in costs, but ensure additional overhead and complexity over multiple years. Legal fees, settlement amounts, and federal entanglements all prolong the pain.
From retail to healthcare, many organizations have complex compliance requirements. Even if you had achieved 100% compliance, you are typically required to pay fines after a breach. These can range anywhere from $50 to $90 per affected individual for companies responsible for financial data.
In-house costs of data security expertise are notoriously high. Tools, solutions, and service providers can all be extraordinarily expensive. Compensating and retaining top security talent is particularly onerous and requires long-term commitment.
Insurance premiums skyrocket in the aftermath of many security incidents – if you even manage to retain your coverage. Premiums can rise across the board when insurers reassess the threat landscape. Only countervailing security investments can offset the increased risks.
No matter your industry, loss of consumer confidence makes a significant difference for years to come. A sharp drop in both revenue and customers can be expected in the wake of a publicized breach. Sometimes, the damage may linger for years and cast company culture in a poor light.
Financial analysts take long-term reputation damage and negative publicity into account when making recommendations to investors. This can cause opportunities for capital investment to evaporate and may completely destroy early-stage enterprises reliant on investment for growth.
Payment card processors have every right to withdraw their services from enterprises that have experienced a major lapse in security protocol. While this remains rare, it would be a death blow to many brands whose customers could not be expected to shoulder payment inconvenience.
Historically, stock prices have rebounded in time even when breaches are perceived by the public as particularly egregious. However, with lower stock price comes an opportunity cost that cannot be recouped. A loss of $10 or more per share is not unknown and may be sustained for months.
CEOs and CIOs are at greatest risk when a data breach takes place. Boards and investors want to see someone accept blame, even in cases where little more could be done. Not only do some executives “fall on the sword,” but the org chart may expand to add more strategic IT roles.
A major breach tends to sideline the company strategy for a long time to come. Expected hiring and investments are put on hold. New products and services may be slowed. A company’s whole outlook could be impacted long-term in the most insidious ways.
After a breach, some in the public blame the hackers, while others point the finger at the firms victimized. The difference? The perception that you’ve taken every step possible to protect customers’ sensitive data.