It took one day for ambulance chasers to file lawsuits against Yahoo over its recently announced data breach that exposed the personal details of over 500 million of its users, according to Softpedia this week.
Companies in different sectors face many different types of attacks and threats. Some sectors hold higher-value data than others: the financial sector holds critical personal data such as bank account details, and the healthcare sector holds sensitive patient information. Breached companies will also face differing fines under data protection regulations and laws.
There are many costs to consider when dealing with a breach: incident response costs, and costs associated with detection and escalation of data breach incidents, such as investigative work, audits and assessments, crisis management, and communications and reports to directors and stakeholders.
You also need to look at the notification costs: alerting your clients or employees (the ‘victims’) that their personal data has been compromised. This includes IT work associated with the creation of contact databases, determination of all regulatory requirements, engagement of services for consumer protection (such as identity theft services and credit report monitoring for individuals), postal expenditures, and the setting up of secondary contacts to handle mail or email bounce-backs and inbound communication.
Other costs incurred, depending on the type of breach, are the replacement of credit cards or the cost of lost business, which can include customer turnover as well as a diminished rate for new customer acquisitions.
Loss of reputation is a huge deal for businesses. Customers will see a security breach as a violation of trust: they expect all of their data to be secure and trust you to secure it. And the impact is not limited to loss of trust among your current customers; it has ripple effects in terms of negative word-of-mouth, especially in the age of social media. The old adage “there is no such thing as bad publicity” is trite. Customer information breaches are very bad publicity.
AND don’t forget the lawyers! In Yahoo’s case, they are facing a class action lawsuit that could cost them millions. And that’s only the start…