Did you know that the true cost of a global data breach is predicted at $53 billion?
In fact, 99 percent of computers are at risk of being hacked, while virtually 100 percent of companies experience successful cyber-attacks. Hackers have reportedly stolen 7x as much data from the HBO network as was stolen in the 2014 Sony hack. Notable examples of firms hacked in 2017 include Dow Jones & Co., Dun & Bradstreet, America’s Job Link, Arby’s, Verizon, and the Republican National Committee.
Timothy Crosby, senior security consultant for Spohn Consulting Services, told Inside Counsel in a recent interview that the actual costs of security breaches aren’t just financial – they’re also in the court of public opinion. “Where companies turn for help after serious data breaches must include a sizable public relations crisis management component to contain potential firestorm of financial and perception losses,” he said.
The $53B figure comes from a scenario posed by Lloyd’s of London: a global hack that affected most businesses and utility service providers, which it compared to Superstorm Sandy. The figure includes the loss of productivity, the loss of sales opportunities, and the time it takes to isolate the affected systems and recover lost data. For instance, FedEx’s Netherlands-based TNT Express is still experiencing service delays following the NotPetya cyber-attack, and many of its hardware and software systems are unrecoverable. Outside expertise is needed to bring systems back online. If such an attack causes widespread utility outages in the middle of summer or winter, lives could be lost.
“Most of the losses from this type of attack are not recoverable – you can never get time back,” explained Crosby. “Some equipment and recovery costs will be passed on to the consumers of their products or services if customer confidence is not completely lost.”
FedEx has lost market share trying to recover, and its stock price was down 3.4 percent in mid-July. Other companies, like HBO, lost revenue from the hack and the release of shows like Game of Thrones. HBO was seen as a victim and will probably not see any long-term effect; it had some of its highest viewer ratings, even on episodes already leaked. But many organizations that have massive data breaches, like Equifax, will be perceived as negligent, and many may never fully recover. Amy Pascal, co-chair of Sony Pictures Entertainment, ultimately had to step down from her position following the huge data hack of that company in 2014. The firestorm that ensued after she’d aired a show called “The Interview” included President Obama revealing that the hack was done by North Korea’s President, who was angered by the show.
“Companies must be diligent in their monitoring and vigilant for security breaches. It is a constant duty to ensure their data and that of their customers is safe,” said Crosby. “What can be done to stem these attacks and minimize the data is utilizing big data analytics to ensure any anomalies are quickly detected and shielded. A cyber security team must be vigilant about the activity on the network. To prevent permanent damage to data and network systems, businesses should employ a host of protection programs that notify personnel when a threat exists.”
According to Crosby, the aim of crisis PR is to convince the public that, even though a mistake was made, the company will compensate those affected and has fixed or will fix the source of the problem.
“Done well, and customers will most likely forgive and forget as soon as the next breach happens, assuming they are not affected,” he said. “Done badly, Equifax bungled the attempt by asking for personal information to determine if a user was affected, then issuing a predictable pin code to those that requested a credit lock.”
Those PR miscommunications did not increase confidence that Equifax understands the basics of cyber security and privacy protection. The company would have been better off saying, “We made mistakes, we are fixing those mistakes and we will be contacting and compensating everyone affected.”