Why Worry About Data Security?

Data breaches continue to be an everyday occurrence. We see them in the news all the time. The recent Equifax breach is only the latest in a long string of breaches. Competitors, former employees, and state-sponsored groups seek companies’ trade secrets in order to bolster competing businesses. Hacktivist groups seek to damage the reputation of companies by publicizing sensitive information. Organized crime rings seek sensitive information for profit.

The consequences of data breach liability are becoming apparent. Merchants sued for data breaches are paying staggering amounts to investigate and settle the cases against them. The TJX Companies set aside $107 million to cover the litigation against it and regulatory actions. Heartland Systems set aside $73.3 million for breach expenses in 2009.

Although TJX and Heartland are huge cases, other companies discover (or perhaps fail to discover) smaller security breaches every day. For instance, former employees departing companies commonly misappropriate trade secrets and confidential information as they leave their employment. Security breaches, both large and small, cost companies real money every day in investigation and remediation costs, litigation costs, customer anger, reputation losses, loss of competitiveness, and ultimately, loss of revenue and shareholder value.

The Business Risks of Data Security

Security breaches damage a company’s business and create financial and legal risks. First, a security breach involving the loss of trade secrets or confidential information may imperil the future of a company’s business. Companies depend on keeping the new product and services they are developing away from competitors. Customer lists are critical to sales efforts. The loss of these key assets jeopardizes a company’s ability to compete in the marketplace.

Second, the costs involved with responding to a security breach are considerable. Companies responding to breaches may hire computer forensic experts to examine the cause of the breach and preserve evidence. They may retain information security firms to close vulnerabilities. In addition, companies may engage public relations and crisis communications experts to deal with consumers and the public to protect their reputation. All of these expenses are in addition to legal fees incurred in the investigation and possible defense of claims brought by consumers against companies that compromised their personal information. For major breaches, the legal fees alone could amount to millions of dollars.

Finally, security breaches impact a company’s reputation. Customers may start to feel uncomfortable doing business with a company that apparently did not, before the breach, prevent the compromise of their sensitive information. The loss of reputation may cause customers to move to competitors or deter potential customers from doing business with the company. A reduction in customer business hits the pocketbook with reduced sales revenue and lost profits. Ultimately, the damaged reputation and diminished revenue stemming from a breach may reduce shareholder value and cause stock price drops.