The data breach earthquake

The aftershocks of a data breach can be catastrophic to a business, whether it’s the loss of sensitive information such as customer records, or the business’ intellectual property finding its way into the wrong hands.  What is certain, is it will have a detrimental impact to the bottom line in one way or another.

The actual cost is often difficult to quantify. Especially when it comes to intellectual property as it is difficult to know how the information has been used and what the opportunity and potential may have been. However, there are occasions when the cost is all too transparent.

This was demonstrated last December, when during the important Christmas shopping period, Target reported a data breach that had compromised the details of up to 110 million customers.  Last week, Target announced its Q4 figures which all too clearly told the story of the devastating aftermath of this data breach – just about every key metric was down on the same period last year – and its profits and share price had fallen significantly. Already, $61m can be attributed directly to the cost of the breach, and analysts are speculating that it could cost towards $1bn in the end, when items such as notifying those affected, credit checks, insurance and so on are factored in.

The recent Barclays Bank customer records leak also highlights the financial consequences as the bank faces penalties from the Financial Conduct Authority (FCA), which can impose unlimited fines, and the Information Commissioner’s Office (ICO), which can impose fines of up to £500,000.  For many businesses the financial impact may not be on the same scale, but still, when the economic conditions are challenging to start with, what business can afford to throw money away on a data breach that could have been avoided if a data loss prevention strategy had been in place?