The Business Costs of a Data Breach
The greatest fear of any CEO, CIO or CSO is that the security of the sensitive information held by their company has been compromised. The first consideration should be given to the customer; after all, it is their privacy which has been invaded. After dealing with this, there is the nightmare of all the costs which your company will incur as a result. The average cost to a company resulting from a data breach in 2007 was $6.3 million!
A survey conducted by the Ponemon Institute found that 58% of respondents who had received notification that their personal information had been compromised by a data breach had lost confidence in the company and that 31% planned to cease doing business with the company. The cost of notification alone may come to as high as $197 per letter.
Most states now have privacy protection laws in place requiring companies to notify all customers, vendors and employees in the event that personal information has been compromised by a data breach. There are federal laws such as SOX, FACTA, HIPAA and GLB which lay out the responsibilities of companies with regard to the protection of personal information, including medical records, credit card information and financial statements.
The FTC (Federal Trade Commission) and other organizations which are responsible for compliance with privacy laws will investigate whether a company whose data has been compromised took appropriate action to ensure the safety of data. Class action suits will be filed on behalf of those whose information was put at risk, and vendors and banks may sue to recoup any losses they have suffered as a result of your data breach.
These are just a few of the ways that a data breach can be expensive for your company - there are both direct and indirect costs which may be incurred.
Direct Costs
1. Customer notification
2. FTC fines
3. Lawsuits
4. Falling stock price
5. Higher insurance premiums
6. Lower credit rating
7. Higher interest rates on loans
8. Layoffs due to reduced earnings
9. New computer security equipment purchases
10. New marketing campaigns to reassure customers, media and vendors
11. Court fees
12. Attorney fees
13. Unpaid purchases
Indirect costs are harder to track exactly, but are no less real for that.
There will be a significant amount of time and money which will have to be invested in marketing and advertising campaigns to rebuild the brand and reassure consumers.
The firm itself, especially its executives, will find itself carrying the blame for the attack. News of the data breach will be broadcast, and questions will be asked as to where the company went wrong in its computer security strategy and, worse yet, why it didn't do more to protect this sensitive information.
The following is a list of just some of the indirect costs that a company may face in the wake of a data breach:
Indirect costs:
1. Damaged company brand and reputation.
2. Greater investment needed to regain customer confidence.
3. Diminishing new accounts.
4. Competition may acquire your customers, giving them more resources to promote their business.
5. Paying for credit reports for your customers and/or employees.
6. Biennial security assessments for the next 20 years.
7. Employee preparation for biennial security audits.
8. Employee security awareness training.
9. Developing, implementing and managing new security policies.
10. Bad press.
11. Negative stock analysis reports.
12. Corporate executives and managers will have to redirect their efforts to damage control rather than corporate growth.
It is far less expensive to prevent a data breach than to pay for all of the costs it can cause your company after the fact. Preventive measures can easily and quickly be put into place. To implement an effective data security strategy, there are four areas of vulnerability which must be assessed: Physical, Employee, Computers and Networks, followed by employee education and implementing an integrated security strategy.
Finally, when the company's executives and managers investigate security solutions, they should not forget to include employee convenience in the equation. An employee will always circumvent security for their own convenience.
About the Author
Dovell Bonnett is the author of "Online Identity Theft Protection For Dummies(R) - Power LogOn Edition", founder and CEO of Access Smart, and host of IDProtectionExpert.com.
1 Comments:
I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a breach.