What are the intangible costs of a data breach?

There are six main intangible costs to a data breach: Reputational loss Operational impairments Bank loan covenants Vendor liability Insurance premiums Buyers and investors

How is reputation loss affected by a data breach?

For all companies dealing with personal data, a public breach means an immediate loss of reputation and client confidence. While large brands who are household names often get a lot of attention from the public and media, smaller companies can also face the same negative consequences when they expose client information to attackers. Customers may feel violated and opt to do business with a competitor instead. They may also share their negative experience with your company with their network, posting about your breach on social media and leaving reviews of your company on public channels. Lost clients aren’t the only risk. An episode of the IT pro podcast explored the ramifications of the 2014 Sony Pictures hack, which revealed information on actor compensation as well as some damning internal emails that led to loss of jobs and damaged public reputations of individuals at the company.

How does a data breach impair business operations?

While cyberattacks are costly to both the revenue and reputation of an organization, it can also impact businesses as usual, preventing or hindering core operations. Some notable examples of ransomware disrupting businesses, including the JBS and Colonial Pipeline attacks, took days or weeks to resume operations back to the normal level.

How does a data breach affect bank loan covenants?

In the past, banks would ask businesses for a copy of the balance sheet, financials, and quarterly projections. In an increasingly digital and virtual world, financial institutions are considering plans to incorporate requirements to obtain an organization’s cyberattack plans and any investment in cyberattack insurance. Banks and other depository institutions will evaluate their customer base. Based on risk assessment — the nature and volume of customer data held by a business, for example — the institution will assess the level of requirement as to any cybersecurity-related covenants. The requirements will largely depend on the nature of the borrower’s business. Commercial business loans obtained from businesses that deal with large amounts of customer data will generally be the focus of a financial institution’s requirement for cyberattack plans and proof of cyberattack insurance. While cyberattack insurance isn’t mandatory, that does seem to be the direction banks are headed. Consider the following example. You’re a small business that’s hit by a breach. You ask the bank to loan you money to mitigate the costs. It doesn’t impact the bank, but it does impact you.

How does a data breach affect vendor liability?

With so many organizations relying on third-party service providers to handle employee and customer data, it’s important to be aware of your liabilities as an organization. Vendors are increasingly limiting their liability during contract negotiations, which leaves your company responsible if a breach with your vendor releases medical data, payment details, or other personally identifiable information of your employees and customers. Some new laws, such as the California Consumer Privacy Act passed in 2020, make it possible for victims to file lawsuits for damages. In most cases, however, the entity responsible for controlling the data is primarily the one liable.

How does a data breach affect insurance premiums?

Companies are subject to greater underwriting scrutiny and ultimately increased premiums as attackers become more innovative and their attacks more sophisticated. This trend is anticipated to continue. When it comes to cyber liability insurance, it’s important to understand the connection between controls, insurance companies, and underwriters when determining cost — and how solid cybersecurity policies could bolster your banking relationships, which can potentially lower your cyber liability premium. A U.S. Government Accountability Office (GAO) report on Cyber Insurance: Insurers and Policyholders Face Challenges in an Evolving Market revealed that more frequent and severe cyberattacks resulted in increased demand for cybersecurity coverage and higher insurer costs. In a survey of insurance brokers, more than half of respondents’ clients saw prices go up 10%–30% in late 2020.

How does a data breach influence buyers and investors?

Buyers wants to make sure the companies they buy have good data hygiene; they don’t want to buy a company and find that they’re responsible for costs and lawsuits due to bad practices. Cybersecurity due diligence is imperative — and it should happen before transactions talks begin. While not necessarily related to cybersecurity, scalability is important to buyers and investors. They want to make sure the technology in place is scalable and can grow as the company does without causing major infrastructure issues. Different industries have different standards and assessments for evaluating the security of a company and its data. There are assessments that are pass/fail as it relates to the industry, the standards and requirements they need to meet, and how well they comply.

Article

The six intangible costs of a cyberbreach

Dec. 20, 2021 · Authored by Troy Hawes, Daniel Lee

One of the most important components of managing cyber-risk is prevention. Some organizations, however, sometimes fail to realize that data breaches can cost more than just lost data or access to systems.

The consequences of a cyberbreach can affect various business relationships — insurance companies, banking institutions, investors, or potential buyers, for example. The implications of those intangible costs often mean companies must adhere to criteria that helps them evaluate the security of companies.

There’s no right or wrong way to secure an organization. Each solution should be unique to the structure of the company, the audience you serve, and the type of data you manage. The goal is to strengthen your technology infrastructure to build confidence in your business.

The consequences of a cyberbreach can affect various business relationships — insurance companies, banking institutions, investors, or potential buyers, for example.

What are the financial costs of a data breach?

The average cost of a data breach is $3.86 million, which is a conservative number, according to the Ponemon Institute. Some breaches go unreported because companies don’t want to damage their reputation or lose client trust.

The average life cycle of a breach is 280 days, from identification to containment. During that time, there are costs an organization needs to account for.