Real Costs of a Global Data Breach
Did you know that the true cost of a global data breach is predicted at $53 billion?In fact, 99 percent of computers are at risk of being hacked,…
September 13, 2017 at 12:55 PM
4 minute read
The original version of this story was published on Law.com
Did you know that the true cost of a global data breach is predicted at $53 billion?
In fact, 99 percent of computers are at risk of being hacked, while virtually 100 percent of companies experience successful cyber-attacks. Hackers have reportedly stolen 7x as much data from HBO network as was stolen in the 2014 Sony hack. Notable examples of firms hacked in 2017- Dow Jones & Co., Dun & Bradstreet, America's Job Link, Arby's, Verizon, the Republican National Committee.
Timothy Crosby, senior security consultant for Spohn Consulting Services, told Inside Counsel in a recent interview that the actual costs of security breaches aren't just financial – they're also in the court of public opinion. “Where companies turn for help after serious data breaches must include a sizable public relations crisis management component to contain potential firestorm of financial and perception losses,” he said.
The $53B figure is a scenario posed by Lloyds of London, a Global Hack that affected most businesses and utility service providers, comparing it to Superstorm Sandy. It includes the loss of productivity, the loss of sales opportunities, and the time it takes to isolate the affected systems and recover lost data. For instance, FedEx's Netherlands-based 'TNT Express' is still experiencing service delays following the attack, caused by the NotPetya cyber-attack, and many of the hardware and software systems are unrecoverable. Outside expertise needed to bring systems back online. If the attack causes widespread utility outages during the middle of Summer or Winter – lives could be lost.
“Most of the losses from this type of attack are not recoverable – you can never get time back,” explained Crosby. “Some equipment and recovery costs will be passed on to the consumers of their products or services if customer confidence is not completely lost.”
FedEx has lost market shares trying to recover, and their stock price was down 3.4 percent in mid-July. Other companies like HBO lost revenue from the hack and release of shows like Game of Thrones. HBO was seen as a victim and will probably not see any long-term affect, they had some of their highest viewer ratings, even on episodes already leaked. But, many organizations that have massive data breaches like Equifax will be perceived as negligent and many may never fully recover. Co-chair of Sony Pictures Entertainment, Amy Pascal ultimately had to step down from her position following the huge data hack of that company in 2014. The firestorm that ensued after she'd aired a show called “The Interview” included President Obama revealing that the hack was done by North Korea's President who was angered by the show.
“Companies must be diligent in their monitoring and vigilant for security breaches. It is a constant duty to ensure their data and that of their customers is safe,” said Crosby. “What can be done to stem these attacks and minimize the data is utilizing big data analytics to ensure any anomalies are quickly detected and shielded. A cyber security team must be vigilant about the activity on the network. To prevent permanent damage to data and network systems, businesses should employ a host of protection programs that notify personnel when a threat exists.”
According to Crosby, crisis PR is to try and convince the public that even though there was a mistake made – they will compensate those affected and have/will fix the source of the problem.
“Done well, and customers will most likely forgive and forget as soon as the next breach happens, assuming they are not affected,” he said. “Done badly, Equifax bungled the attempt by asking for personal information to determine if a user was affected, then issuing a predictable pin code to those that requested a credit lock.”
Those miscommunications in PR did not increase confidence that they understand the basics of cyber security and privacy protection. They would have been better off saying, “We made mistakes, we are fixing those mistakes and we will be contacting and compensating everyone affected.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllSEC Penalizes Wells Fargo, LPL Financial $900,000 Each for Inaccurate Trading Data
US Reviewer of Foreign Transactions Sees More Political, Policy Influence, Say Observers
Pre-Internet High Court Ruling Hobbling Efforts to Keep Tech Giants from Using Below-Cost Pricing to Bury Rivals
6 minute readPreparing for 2025: Anticipated Policy Changes Affecting U.S. Businesses Under the Trump Administration
Trending Stories
- 1Arnold & Porter Matches Market Year-End Bonus, Requires Billable Threshold for Special Bonuses
- 2Advising 'Capital-Intensive Spaces' Fuels Corporate Practice Growth For Haynes and Boone
- 3Big Law’s Year—as Told in Commentaries
- 4Pa. Hospital Agrees to $16M Settlement Following High Schooler's Improper Discharge
- 5Connecticut Movers: Year-End Promotions, Hires and an Office Opening
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250