News & Resources

Data breaches have high costs for companies

Oct 30, 2013 Dave King

Data breaches have high costs for companies

New statistics are making it unmistakably clear to companies how vitally necessary it is protect their customers' sensitive information.

A recent study by Cintas and Harris Interactive found that two third of consumers would not continue to give business to a company that lost their Social Security or credit card number, thereby jeopardizing their consumer credit data.

Furthermore, the study showed that the range of businesses and organizations that consumers would abandon after their data was compromised is extremely wide. An information breach at a bank would cause 55 percent of customers to take their money elsewhere, while 39 percent would choose a new lawyer and 24 percent would cease to donate to the college or university they attended if the institution lost their data.

InfoSecurity pointed out that the fallout from a data breach may result not only in the loss of revenue, but also in the tarnishing of the brand, particularly where charitable giving organizations are concerned.

In light of these figures, it's imperative that companies take the strongest measures possible to protect their customers' records and prevent the possibility of identity theft.

"Businesses must be proactive in protecting data by using secure document management solutions that guard confidential business, employee and customer information," suggested Cintas Marketing Manager John Otten in the company's statement. "By partnering with a document management provider, companies can implement a customized, secure solution that will help ensure information is protected at all times."

The threat grows more complex

Protecting against data theft is no easy task, and it stands to reason that firms need services to help in the effort.

Verizon's 2013 Data Breach Investigations Report (DBIR) revealed just how fast hackers can compromise a company's most sensitive information. Out of all the breaches the company studied, 84 percent took mere hours or less for data thieves to execute. Opportunistic attacks accounted for 75 percent of the incidents, and 75 percent were also motivated by financial gain.

However, despite the speed with which hackers attack, most companies are slow to respond. The Verizon study revealed that 66 percent of breaches weren't discovered by the compromised firms for months or years, and 22 percent required months of work to contain their negative effects. Furthermore, entities outside the affected companies detected 69 percent of the data thefts studied.

Companies' response times will need to improve, especially since the thieves themselves are exerting considerable effort. Verizon's 2013 DBIR showed that 28 percent of breaches took hackers weeks of investigatory work before the initial execution of the attack. A sizeable 19 percent leveraged one or more tactic, including hacking, malware and email phishing.

Following release of the 2013 DBIR, cyber insurance firm TechInsurance recommended a series of steps for companies to take in order to fend off data theft. At the core of the proposals is the need for businesses to increase awareness both internally and among their clients: Be open with customers about the threat, train employees in best practices and strengthen security measures. Data that could impact a customer's consumer credit report if compromised should always be encrypted and available only to the minimum number of employees who need access, TechInsurance suggested.