Following a data breach, the affected company and its customers are left with a myriad of questions. How did this happen? Why did it happen? When did the malicious actors get into the networks? What did they take? And while they try and take time to pick up the pieces by asking these questions, another question must be addressed, and rather quickly — What now? For many companies, the following are some things that can be expected to ensue after a data breach.
Loss of Vital Information
Businesses who encounter a data breach can expect exactly what the cyber attack says — data to have been taken from the company via this network breach. The types of data malicious actors are trying to steal can include anything on company systems including customer personally identifiable information (PII), financial information from both customers and the business itself, and intellectual property which helps the company to be unique and successful. When this information is stolen, not only does a company lose its ability to operate, but there is also a shift in that business’ relationship with its customers.
This aforementioned shift in the relationship between the company and its customers is not a positive one. A data breach causes an immense amount of distrust to be felt by the public toward said company. The customers of a company are understandably upset because the company was not a good steward of the customers’ private, personal, and sometimes financial information. Especially for a small business, this can be a major hit to the company and its future success. Many customers will chose to take their business elsewhere following a data breach and this is just one of the ways that businesses rocked by a data breach will see their financial reports impacted.
Loss of Money
With an air of distrust around a company, customers will likely turn to other alternative companies who have stronger cybersecurity defenses or at least those who have not yet succumbed to a cyber attack. The public perception of any company can make or break its success. Though some customers may return in time as happened following the Target and Home Depot data breaches, a large chunk of those who once trusted the company with their business will not risk their personal and financial data again.
On top of a loss of customers and their patronage of a business, a company that encounters a data breach may also face fines and fees related to this lack of security. Fines may be demanded by The Payment Card Industry Security Council if the situation for a particular breach shows that standards were not met. This is yet another consequence which is more difficult to deal with for a small business than for a Fortune 500 company. Small businesses do not often have the extra capital to fork over for such costs and some either have to downsize or close their doors in order to make such payments.
Particularly for companies who have been hit by multiple data breaches, the distrust from the public can snowball into incredibly mad consumers who demand to be compensated for the stress of losing their financial and personal data. Following the Target data breach, there was a 97-page settlement for the class action lawsuit filed against the company. Those who were affected by the breach could potentially get up to $10,000 as compensation from Target. Yahoo is a company which has had four known data breaches over less than a half a decade– just four years. The company has now been slapped with a $117.5 Million Settlement. On top of this, the company has said that it will invest over $300 million into cybersecurity over the next few years and will quadruple its cyber staff. Not only did they have to pay big for the settlement, but because they allowed things to get so bad, their investments are far grander than they likely would have had to have been if they had prevented data breaches rather than responding.
Cybersecurity Approach Should Be Revisited
Considering all of the other factors that could happen following a breach — loss of information, reputation, and money, among others — if your business experiences a data breach and is able to recover, much of this loss can be recovered or at the very least, the company can bounce back somewhat. As was seen in the example of Yahoo and its repeat data breaches, investing in cybersecurity as a preventative measure, while costly in and of itself, pales in comparison to the costs a company is impacted by following a cyber attack such as a data breach. Hire a strong IT security team, invest in protection of your systems, and educate employees on the best practices they should have when it comes to cyber safety.