The Hidden Costs of Breaches
Employees aren’t always the source of enterprise data breaches, but according to the Global State of Information Security Survey (conducted each year by PwC, CSO and CIO) they remain on the top of most likely suspects. Although a motivated attacker is difficult to defend against, anything you can do to mitigate the risk from “drive-by” attacks, that your employees can fall victim to, will help to fortify your business.
There’s no end to the market studies that attempt to quantify the cost of a breach, but while they all provide valuable benchmarks for financial modeling, they miss some of the big, and subtler, costs to an organization that suffers a breach. I view these as the “hidden costs” of a breach and, in many ways, they can be far more impactful and difficult to quantify with a dollar value. Make sure you’re taking these into consideration when you’re thinking about how your business will really be impacted by a breach.
- Lost productivity – in the wake of a breach an organization will be in an “all hands on deck” situation, and that may go on for months or years. Victims of major breaches that I have spoken with talk about having to dedicate resources from their security, IT, legal, communications, and other teams on an ongoing basis to managing incident response. For large breaches I’ve examined, that can extend for up to two or more years after the breach was disclosed.
- Lawsuits – be prepared because you’re likely to be hit with at least three major lawsuits that, depending upon the nature of your breach, may seek class-action status. These can take years and millions of dollars in outside legal fees, discover and settlement costs to resolve.
- Difficulty recruiting – you’ll find it even more difficult to recruit security and IT staff because of the impact to your business’ reputation and the workload associated with the ongoing incident response. Remember, your employees still have their regular job responsibilities to conduct in addition to those associated with the breach response.
- Lower morale – as your teams dwindle and you struggle to replace departed employees, everyone ends-up with more work on their shoulders and can easily burn-out
- Realizing that you’ll need to replace customers – in certain markets, particularly finance, retail and healthcare, you will lose customers in the wake of a public breach. It will cost a lot more to replace those lost customers than it did to maintain them.
- Expanded scrutiny among partners and customers – remember all those business partners that were happy to accept your self-attestation with regards to your security practices? They’ll all want to audit you now.
- Executive job risk – some of your executives’ jobs may be at risk, from the CISO and CIO up to the CEO and members of the board of directors
Keep employees—and your company—safe. From the editors of CSO magazine, Security Smart is a quarterly newsletter ready for distribution to your employees—saving you precious time on employee education! The compelling content combines personal and organization safety tips, making it applicable to many facets of employees’ lives.