Data breaches probably won't ever truly be a thing of the past. However, with a smart security approach, the likelihood of a company enduring such an occurrence on a catastrophic scale can certainly be diminished. After all, failing to take preventative measures may impose innumerable consequences, financial and otherwise. Here are some of the major costs associated with data breaches.
Everything has a Price
Companies may not realize that even data that seems to be of the most trivial nature has quantifiable value. And, it is also often surprising to learn that there is someone out there willing to shell out for it. In many cases, a simple name, address, and date of birth will suffice to initiate a loan or credit card application. With the ubiquity of online transactions, it really isn't difficult to use stolen or falsified information.
The other big problem, of course, is that there may also be a heavy price associated with stopping someone from using or disseminating any stolen information. Although some information stealers seek to sell the data they obtain elsewhere, such as the black market, others will try to use it as leverage or even corporate ransom. And, depending on how valuable the particular data is, there is no telling how expensive this could be. In addition, it may be necessary to hire counsel to navigate the situation, which at an hourly fee can become quite costly.
Intellectual Property: The cost of compromised data and how to prevent it.
More than Litigation and Settlement Costs
Most people immediately think of the litigation costs inherent in data breach rectification. This is an undoubtedly inescapable pecuniary consequence. But, the class action lawsuits brought by the individuals whose information was stolen are usually settled out of court. Because of this, the details of the settlement often remain a mystery and thus it is actually pretty hard to gauge what such breaches cost. However, in the case of the Target data breach from 2013 we do know that the retail gaint settled a customer class action lawsuit for $10 Million, as well as two lawsuits with Mastercard and Visa for $39M and $67M.
In addition, the settlement figure is likely dependent on the sensitivity of the pilfered data. Obtaining a name and email address is not quite as egregious as gaining access to private medical records. Thus, the kind of data your company has in its possession will impact how big that final settlement figure is in the event of a breach. And, there are obviously so many other expensive factors beyond that, such as attorneys' fees, investigation expenses, and the PR needed to do damage control.
These are just litigation-related costs broadly speaking, but there are a ton of other costs as well, like employment costs for additional hires, investments into new software and systems, and security consulting fees. Ultimately, a lot of this is avoidable by adopting a proactive security strategy from the beginning.
Financial Repercussions Linger
Even though there are hefty costs associated with the initial clean up post data breach and the inevitable lawsuit arising from it, there are plenty of costs that linger on for quite some time, and even indefinitely. For example, new software may be required, with the need for regular updates and testing, ongoing IT audits may be court ordered, and insurance premiums will likely skyrocket. Companies will essentially have to spend even more money to prove to shareholders, clients, and whomever else that they will not succumb to the same fate twice.
Again, many of these costs and problems are easily circumvented by simply making data security a priority from the outset.