The Business Costs of a Data Breach
The greatest fear of any CEO, CIO or CSO is that the security of the sensitive information held by their company has been compromised. The first consideration should be given to the customer; after all, it is their privacy which has been invaded. After dealing with this, there is the nightmare of all the costs which your company will incur as a result. The average cost to a company resulting from a data breach in 2007 was $6.3 million!
A survey conducted by the Ponemon Institute found that 58% of respondents who had received notification that their personal information had been compromised by a data breach had lost confidence in the company and that 31% planned to cease doing business with the company. The cost of notification alone may come to as high as $197 per letter.
Most states now have privacy protection laws in place requiring companies to notify all customers, vendors and employees in the event that personal information has been compromised by a data breach. There are federal laws such as SOX, FACTA, HIPAA and GBL which lay out the responsibilities of companies with regard to the protection of personal information, including medical records, credit card information and financial statements.
The FTC (Federal Trade Commission) and other organizations which are responsible for compliance with privacy laws will investigate whether a company whose data has been compromised took appropriate action to ensure the safety of data. Class action suits will be filed on behalf of those whose information was put at risk, and vendors and banks may sue to recoup any losses they have suffered as a result of your data breach.
These are just a few of the ways that a data breach can be expensive for your company - there are both direct and indirect costs which may be incurred.
Direct Costs
1. Customer notification
2. FTC fines
3. Lawsuits
4. Falling stock price
5. Higher insurance premiums
6. Lower credit rating
7. Higher interest rates on loans
8. Layoffs due to reduced earnings
9. New computer security equipment purchases
10. New marketing campaigns to reassure customers, media and vendors
11. Court fees
12. Attorney fees
13. Unpaid purchases
Indirect costs are harder to track exactly, but are no less real for that.
There will be a significant amount of time and money which will have to be invested in marketing and advertising campaigns to rebuild the brand and reassure consumers.
The firm itself, and especially its executives, will find itself carrying the blame for the attack. News of the data breach will be broadcast, and questions will be asked as to where the company went wrong in its computer security strategy - and worse yet, why it didn't do more to protect this sensitive information.
The following is a list of just some of the indirect costs that a company may face in the wake of a data breach:
Indirect costs:
1. Damaged company brand and reputation.
2. Greater investment needed to regain customer confidence.
3. Diminishing new accounts.
4. Competition may acquire your customers, giving them more resources to promote their business.
5. Paying for credit reports for your customers and/or employees.
6. Biennial security assessments for the next 20 years.
7. Employee preparation for biennial security audits.
8. Employee security awareness training.
9. Developing, implementing and managing new security policies.
10. Bad press.
11. Negative stock analysis reports.
12. Corporate executives and managers will have to redirect their efforts to damage control rather than corporate growth.
It is far less expensive to prevent a data breach than to pay for all of the costs it can cause your company after the fact. Preventive measures can easily and quickly be put into place; to implement an effective data security strategy, there are four areas of vulnerability which must be assessed: Physical, Employee, Computers and Networks, followed by employee education and implementing an integrated security strategy.
Finally, when the company's executives and managers investigate security solutions, do not forget to include employee convenience in the equation. An employee will always circumvent security for their own convenience.
About the Author
Dovell Bonnett is the author of "Online Identity Theft Protection For Dummies(R) - Power LogOn Edition", founder and CEO of Access Smart, and host of IDProtectionExpert.com.