Data breaches are becoming a serious threat to companies of all sizes. But many business leaders are underestimating the debilitating costs associated with a hack — and paying the price for this ignorance.
Data Breach on Someone’s Watch
Look at what happened to Neiman Marcus. Hackers stole the credit card data of 350,000 of the luxury retailer’s customers last year. The breach cost the company $4.1 million and counting in legal fees, investigations, customer communications, and credit monitoring subscriptions. Plus, it suffered a $68 million loss during the holiday quarter.
The company later learned that hackers set off system alarms 60,000 times — but it failed to see the warning signs amid the massive accumulation of data.
In the digital age, companies have to be wary of potential breaches. And leaders are the ones responsible for identifying the threats, taking action, and mitigating the costly consequences.
Underlying Implications of a Data Breach
Cleaning up a malicious breach in the U.S. can cost up to $246 per record. And the effects of an intrusion extend across an organization.
A company can lose revenue, as Neiman Marcus did, or face fines from regulatory agencies. In Massachusetts, for example, a company faces a fine of up to $5,000 for each compromised record. A hacked company can also lose trade secrets.
Breaches can impede financial transactions, causing data to become unavailable or unusable and disrupting business. Furthermore, a defaced website weakens a company’s integrity and credibility. If customers can’t access cloud services, check their accounts, or make purchases, companies could lose their trust as well.
Major Industries Hackers Are Pursuing
Not surprisingly, financial firms are attractive targets. A recent survey of 5,000 senior executives in 99 countries by PricewaterhouseCoopers found that 45 percent of financial services firms had been hacked. Only 17 percent of other types of firms had the same experience.
Health data is also high on hackers’ lists. While a stolen credit card or Social Security number is worth a dollar or less, a person’s medical information can yield hundreds of times more, according to the World Privacy Forum.
Hackers recently stole the personal information of 4.5 million patients of Community Health Systems’ 206 hospitals in 29 states. The government has tracked 944 health institution incidents, affecting about 30.1 million people, since 2009. A majority are tied to theft, followed by data loss, hacking, and unauthorized account access.
Very often, successful intrusions can be traced to sloppy management practices. The health information of 500 patients at Cedars-Sinai Medical Center in Los Angeles was compromised when an employee’s laptop was stolen from his home. The laptop didn’t have hospital-required encryption software.
Nearly every industry is at risk. Hackers stole personal financial information of about 25,000 employees of the Department of Homeland Security after a breach in a contractor’s system. But this widespread susceptibility to breaches doesn’t mean leaders should accept this fate.
A Leader’s Role in Protecting the Company
Digital security is not an IT problem — it’s a company problem. If a breach happens, the board won’t call the technology director; it will want to speak to the CEO. Here are a few ways leaders can actively prepare for and prevent breaches.
- Understand what you’ve got. Decision makers should have a full understanding of the data they are housing or interacting with that could present a valuable target for cybercriminals.
- Know the law. Examine any data security regulations governing your industry. If a breach occurs, which regulatory body should be notified?
- Make a plan. Administrators and employees should know their responsibilities ahead of time so they can react quickly if any suspicious activity is discovered on the network or within their internal systems. The plan should include timely public announcements.
- Ensure that your culture emphasizes security. Leaders should implement tangible security programs that employees are actively involved in. Everyone should be responsible for securing their information, not just the chief information security officer and members of the compliance and technology organizations.
- Invest in training. This is especially relevant for compliance and technology security staff. The methods malicious users utilize to attack organizations are constantly changing, and it’s critical that your employees keep their skills up to date.
- Run security assessments on your network. This allows an organization to potentially find security issues before a malicious user does. Prioritize external-facing systems during the scan to locate holes.
- Monitor compliance. Target was breached because an HVAC contractor was given remote access to its systems without requiring two-factor authentication. And when hackers stole the personal or credit card information of 100 million customers, it cost the company an estimated $148 million in losses in one quarter.
Data breaches can compromise a company’s reputation and financial stability. And as a leader, your name is associated with your company’s preparedness and response to a hack.
To lessen the burden or even bypass a potential cyber attack, you need to understand the extent of this threat, actively plan for it, and properly educate your employees. When you’ve prepared for the worst, you can protect the positive customer rapport you’ve worked so hard to build.