It’s one thing when stock prices tumble due to events beyond a company’s control, but it’s quite another when organisations lose value because of preventable situations like data breaches. Data breaches are an increasingly common threat and although the risk posed by a specific breach varies according to the type of information accessed, any loss of data raises valid concerns for employees, partners, customers and investors.
The Ponemon Institute undertake an annual review of the Cost of Data Breaches and in their 2012 ‘Aftermath of a Data Breach’ report, they quantify some of the key consequences as:
- 50% reported a loss of productivity
- 41% reported a loss of customer loyalty
- 25% reported a decline in company share price
In their 2013 report, Ponemon noted that human errors and system problems caused two-thirds of data breaches in 2012 and pushed the global average cost to $136 per record lost.
According to the leading risk insurer Aon, reputational crisis can result in a loss of company value of up to 90%, not something any business could take lightly.
Take Heartland Payment Systems for example. In 2009 they lost 50% of their market value and financial results released by Heartland in 2010 showed that the card payment processor has accrued $139.4 million in breach-related expenses, including legal fees, forensic costs, reserves for potential fines and other related settlement costs. It took Heartland over a year to recover from the stock market plunge.
So, what can be done to avoid these situations happening in the first place? Businesses can go some way to managing the risk themselves, through more stringent communications processes, corporate policy, data classification and information management policies. However, in our experience, policy is not worth the paper it’s written on if it’s not enforced. Organisations also need to use specialist tools that proactively help the user (and therefore the business) protect that sensitive data – I bet if the senior executives at any company who experienced a data breach knew more about the low-cost solutions out there, these situations may not have occurred in the first place.
So there’s no doubt that Data breaches are expensive – both in direct income and balance sheet terms – and the impact on market capitalisation and share value could be substantial. However for any organisation, their ability to continue to generate business often boils down to the strength of their reputation, so it is perhaps this indirect cost which should be of most concern, as it’s probably the hardest one to repair.