Monday, July 8, 2013

Data Security, Privacy and Reputation


By David Chamberlin, General Manager, Dallas

Over the past several months, data and data security have been at the center of public discourse as a number of stories and scandals have come to light. Three of these stories have made major news. A high-profile malicious data breach at Twitter led to more than 250,000 users’ data being compromised. The Chinese military is alleged to be collecting information from both the public and private sectors in the United States, including state secrets and privileged corporate information. Finally, the revelation by activist-whistleblower turned international fugitive Edward Snowden of the National Security Administration’s collection of domestic phone and internet records through the PRISM program continues to stir controversy today. All of these have played roles in making data, and the risks and costs that unsecured data can pose, a top-of-mind issue.

The simple fact is that all organizations run the risk of having their data compromised. Whether a business deals with private financial information, personal health records or a trade secret that provides a competitive advantage, there is a hacker somewhere in the world who sees this valuable information as a potential mark. Data breaches pose major reputational risks to organizations. Customers expect organizations to safeguard their information, and breaches that result in the loss of proprietary or confidential business information can make a company look ill-prepared, careless or incompetent.

According to the Ponemon Institute’s ninth annual “Cost of Data Breach Study,” the average data breach in the United States now costs an organization over $5.4 million in a combination of detection, notification, post-breach and lost business costs. Additionally, 41 percent of data breaches in the United States are now the result of criminal or malicious attacks. It is also interesting to note that data breaches in the United States that are the result of a malicious attack are 60 percent more costly than those attributed to a system glitch or human error.

The study has also been able to determine factors that lead to a lower cost of a breach. It’s often said that “poor planning on your part shouldn’t constitute an emergency on mine,” but in the case of a data breach, planning is the principal thing that will save a company money. According to the Ponemon study, organizations that had an “incident response plan” at the time of their breaches saw an average cost that was $42 less than the national average, per compromised record.

So what does this mean for senior executives? Reputation is one of an organization’s most valuable assets, and managing it when a data breach occurs is not about spin and is not a job to be left to the legal department. It is a management function that must begin at the top. When a breach occurs, every interaction must be well planned and aligned, including media interviews, customer and employee outreach, regulator and policymaker interactions and operational decisions. The only way to mitigate the reputational and financial repercussions of a data breach is, following the Boy Scouts’ lead, to be prepared.
