In 2014, the Identity Theft Resource Center reported that more than 85 million confidential files were compromised in data breaches. That’s 85 million customers, employees and patients who were failed by organizations they entrusted with their personal information.
Those who are exposed must contact their banks, scour their statements for signs of fraud, monitor their credit report and possibly work with law enforcement officials and creditors to reclaim their identity. They won’t forget this brush with identity fraud anytime soon and as a small business owner neither should you.
Let’s say your business has experienced a breach and you’ve already taken all the necessary steps to effectively mitigate the damage—you’ve isolated and eliminated the problem, contacted authorities and sent out notifications to those impacted. It’s almost guaranteed that by now the thought of bouncing between IT and legal one more time is downright nauseating. But, remember, there is no such thing as an overnight fix and the aftermath of a data breach can feel just as relentless as day one.
What does the aftermath entail? Expect incoming lawsuits, shattered consumer confidence, plummeting revenue, a tarnished brand name, exposed trade secrets and a hefty bill.
Lawsuits are one of the most detrimental consequences and the judgments are increasingly favoring consumers. Don’t think that one technical slip up will bring in just one lawsuit, expect several. After Home Depot’s data breach they were hit with at least 44 civil lawsuits. These costs factor into the $43 million price tag of repairing their breach.
Lawsuits are not just costly—they’re time consuming. In 2012, Beth Israel medical center leaked nearly 4,000 patient’s SSNs. Two and a half years later they were ordered to pay over $100,000 in fines. Think two years is a delay? A class action lawsuit brought against Tenet Healthcare took 17 years to settle. While Tenet Healthcare was only ordered to reimburse individuals a maximum of $30 each, the damage was astronomical when you factor in nearly two decades of legal fees.
Even if your customers don’t take legal action after a data breach, consumer loyalty will be nearly destroyed. The 2014 Unisys Security Index found that 59 percent of consumers say they’re less likely to do business with a company that has suffered a data breach. Could you afford to lose more than half of your customers? Clear communication after a breach is key if you want to keep customers from fleeing. Openly explain what happened, what was exposed, how you are resolving the issue and provide them fraud education and related protection services.
Less customers means less revenue. Take it from Target, who didn’t see an increase in sales for a whole year. At Target’s lowest point, the retailer reported second-quarter earnings of $234 million; a bleak comparison to the $611 million they earned in the same period the year prior. In order to revitalize revenue streams you must restore customer confidence, repair brand reputation, and reevaluate your existing systems and strategies.
Did the hacker get their hands on intellectual property information or trade secrets? If so, it’s back to the drawing board to scout out new opportunities and reevaluate weaknesses. Was employee information exposed in the breach? Then you’d better clear your calendar for meetings with legal and HR and get your team together for some open communication regarding the safe handling of personal information or face some major employee backlash. Take USPS for example. They are currently facing charges filed against them by the American Postal Workers Union in response to breached employee information.
But the most importantly you need to do after a data breach is implement new cyber security measures. This includes having a strong data encryption policy, upgrading IT systems, upholding industry standards (including being PCI compliant and in good standing with the BBB) and enforcing privacy protocols among employees. These processes must be reviewed and updated frequently. It may be wise to bring in an objective third-party to help with the implementation and routinely audit and maintain these new systems.
Once updated security measures are in place, it’s time to pay the bill. Any ideas on how much that bill will be?
On average a data breach costs a company $3.5 million USD.
And here’s where all that money will be going: according to IBM, 29 percent of breach costs will be spent on repairing brand reputation, 21 percent will stem from a loss of productivity, 19 percent from lost revenue, 12 percent on digital forensics, 10 percent on technical support and eight percent on compliance regulatory needs.
Many companies have tried but failed to appropriately handle the aftermath of a data breach. The high costs, unhappy customers, and legal hurdles sometimes aren’t worth fighting. The key is to avoid the aftermath altogether by bolstering security, implementing best practices and staying vigilant of cyber threats at all times.
Do you think your organization could survive a data breach and the aftermath sure to follow?
This article was written by John Burcham from Business2Community and was legally licensed through the NewsCred publisher network.