Despite a greater emphasis being placed on data security, data breaches are on the increase.  Whether through sophisticated social engineering techniques or more technical attacks, cybercriminals are trying every available tactic to profit from this sensitive information.

According to one report, within the first nine months of 2019, 5,183 breaches were reported, exposing over 7 billion compromised records. Up 33.3% on the previous year with records exposed more than doubled, up over a 100%.

In a recent study, more than half of the recipients (57%) said they do not have a Cyber Security policy in place, rising to more than two-thirds (71%) of medium-sized businesses (250 to 549 employees).  This is somewhat shocking considering the potential consequences, exposing companies to significant risk and placing them under the microscope with both customers and regulators.

This week we will publish a significant potential consequence of this daily, starting with:

Financial Loss

The financial impact of a data breach is one of the most hard-hitting consequences that organisations.  It is estimated that the cost of a data breach has risen 12% over the past five years.  If as a result of a ‘scam’ via phishing for example, the loss may not even be noticed for some time, perhaps not until the next financial audit.

The hit can include compensating customers, responding to the incident, investigating the breach, investment into new security measures, legal fees, not to mention the eye-watering regulatory penalties that can be imposed for non-compliance with the DPA 2018 and GDPR.

Tomorrow we’ll take a look at reputational damage.

Reputational damage

The reputational damage resulting from a data breach can be devastating for a business. It is estimated that up to a third of customers in retail, finance and healthcare will stop doing business with organisations that have been breached. Additionally, the majority will tell others about their experience, and 33.5% will post on social media.

It todays world of instant communication organisations can become a national, even global, news story within a matter of hours of a breach being disclosed. This negative press coupled with a loss in consumer trust can cause irreparable damage to the breached company.

Consumers are all too aware of the value of their data and if organisations can’t demonstrate that they have taken all the necessary steps to protect this data, they will simply leave and go to a competitor that takes security more seriously.

Reputational damage does not go away and can impact an organisation’s ability to attract new customers, future investment and eveb new employees to the company.

Legal Action

Under the DPA 2018 and GDPR, organisations are legally bound to demonstrate that they have taken all the necessary steps to protect personal data. If this data is compromised, whether it’s intentional or not, individuals can seek legal action to claim compensation.

We recently posted a piece on a UK Legal Firm offering a no win no fee service for anyone who suspects their data may have been compromised.  There has been a huge increase in UK as victims seek monetary compensation for the loss of their data.

Equifax’s 2017 data breach affected more than 145 million people worldwide and the company has paid out more than $700 million in compensation to affected US customers. Whilst this is at an extreme end, SMEs could find themselves risking compensation of around £5k per person whose data is compromised.  As it rarely only affects one individual, how many SMEs would be able to withstand such claims in the hundreds, followed by action by the ICO could see a fine in 6 figures.

As the number of breaches continues to rise, we can expect to see more of these group cases being brought to court.

Operational Downtime

Business operations can be heavily disrupted in the aftermath of a data breach. Organisations will need to contain the breach and conduct a thorough investigation into how it occurred and what systems were accessed. Operations may need to be completely shut down until investigators get all the answers they need. This process can take days, depending on the severity of the breach. The knock-on effect on revenue can be substantial.

Loss of Sensitive Data

If a data breach has resulted in the loss of sensitive personal data, the consequences can be devastating. Personal data is any information that can be used to directly or indirectly identify an individual, whether held electronically or on paper. This will include everything from a name to an email address, IP address and images. It also includes sensitive personal data such as biometric data or genetic data which could be processed to identify an individual.

If a critical patient had their medical records deleted in a data breach it could have a serious effect on their medical treatment and ultimately their life. Biometric data is also extremely valuable to cybercriminals and worth a lot more than basic credit card information and email addresses. The fallout from breaches that expose this data can be disastrous and exceed any financial and reputational damage.

Regardless of how prepared your organisation is for a data breach, there is no room for complacency in today’s evolving threat landscape. You must have a coordinated security strategy in place that protects sensitive data, reduces threats and safeguards your brand’s reputation.