Major data breaches have become common headlines in an increasingly digital world.
Recently, for example, Capital One announced a breach that affects about 106 million individuals.
Data breaches are essentially situations involving unauthorized access to material containing sensitive personal information which could compromise confidentiality. They generate substantial costs from an individual, corporate, and economic perspective.
The Privacy Rights Clearinghouse (a nonprofit consumer education and advocacy organization) estimates that since 2005, there have been over 9,000 breaches affecting nearly 11.6 billion records. The actual total could be significantly higher, as this number reflects only known instances. The number of incidents continues to rise due to the increasing sophistication and evolution of the attacks. Data breaches can be the result of human mistakes and behaviors, vulnerabilities in corporate practices or systems, or malicious attacks designed to enter systems and take unauthorized actions.
Individuals affected by breaches may spend a significant amount of time and money dealing with resulting issues, and major incidents typically cost affected businesses millions of dollars. For firms, the impact can be disastrous. In addition to immediate expenses needed to deal with the issue, their reputations and ability to keep and gain customers can be compromised. Settlements may also be required. For example, Equifax is spending up to $425 million to help those affected by its 2017 data breach as part of a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 US states and territories. Many firms have responded with massive investment in cybersecurity and hired talented hackers to work internally to identify and correct vulnerabilities, yet the problem is escalating.
The Ponemon Institute, supported by IBM Security, has been analyzing the cost of data breaches for several years. The Institute estimates that the average occurrence in the US costs about $8.19 million. The most commonly affected businesses are in the health care sector. Much of the real cost of a breach comes even after more easily measured expenses, such as attorney fees and litigation, public relations, and cybersecurity improvements, have been incurred. The less obvious expenses include insurance premiums, increased cost to raise debt, disruption or destruction of operations, and lost contracts. My firm has estimated that, in recent years, the direct costs alone exceed $70 billion.
Companies employ many strategies in order to reduce the risk of data breaches. Some options come with a high cost, others are difficult to implement, and others impede workflow and even slow innovation. Because technology is constantly changing and threats are evolving, breaches are difficult to prevent and become costlier every year. Preventing and dealing with breaches involves significant outlays and lost productivity, negatively affecting efficiency and disrupting business operations. Be vigilant!!
Editor’s Note: The main image accompanying the above guest column was taken by Jim Lo Scalzo/EPA-EFE/Shutterstock.