I took a look this week at the wonderful Information is Beautiful website, which features a depiction of data breaches by size and type of breach, and sensitivity of data – a stark reminder of how data breaches are now affecting everyone, everywhere.
Companies, their leadership, and security teams are now under more pressure than ever before due to the increasing focus on corporate data security.
Embattled healthcare provider Anthem is the latest company struck by a data breach, and is spawning headlines around the world. The company has already been named as a defendant in six separate class-action lawsuits filed in federal courts in Alabama, California, Georgia, and Indiana. In addition, attorneys general in at least six states, including California, Connecticut, and Massachusetts, have launched investigations into the breach. Whether senior executives will be laid off is as yet uncertain.
Home Depot spent US$43 million dealing with the fallout from one of the largest ever data breaches last year. The $43 million was spent on investigations, providing identity theft protection services to consumers, increased call center staffing, and other legal and professional services. The retailer warned that it expects “to incur significant legal and other professional services expenses associated with the data breach in future periods.” At the time of the breach, Home Depot also faced 44 actions filed in courts in the US and Canada, with the company stating that it expected more claims to be filed on behalf of customers, payment card brands, payment card issuing banks, and shareholders.
In 2014, the Texas State Comptroller’s office fired an undisclosed number of information security executives following a data leak that exposed Social Security numbers, driver’s license numbers, and names and addresses of more than 3.2 million Texans. The data was transferred in an unencrypted manner (against Texas administrative rules) and the error was only discovered more than 10 months after the files were put on the server.
The CEO of Target, 35-year company veteran Gregg Steinhafel, stepped down in May 2014. This move came less than two months after the CIO, Beth Jacob, had resigned. After the breach, the company faced more than 80 related lawsuits, including some from card issuers, as well as federal and state investigations into how the company responded to the attack. The company’s profits dropped by 46% in its fourth fiscal quarter in 2014, while the retailer announced in August that its second-quarter earnings dropped 61.7%. In total, the data breach is reported to have cost Target $148 million.
Preparation is key
No amount of spending can completely protect organizations from highly sophisticated cyber attacks, but how prepared an organization is in the event of a breach can mean the difference between a speed bump in the road or a catastrophic event. According to Ponemon Institute, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber attacks in the past, but there is now a growing concern about the potential damage to reputation, class-action lawsuits, and costly downtime that is motivating executives to pay greater attention to their organizations’ security practices.
The Have I Been Pwned website can help you identify which of your email addresses have been affected by a breach.
Here at IT Governance we are firm believers of ISO 27001 as a comprehensive solution to protecting your data and information assets. As a pioneer in the field of ISO27001 implementation, IT Governance has led hundreds of successful certifications by companies of all types, industries and sizes. With the world’s first ISO27001 remote consultancy offering, any organisation can gain first-hand access to the extensive experience and knowledge of IT Governance’s consultancy team. Our simple, no-quibble guarantee of 100% successful registration has been tried and tested by hundreds of organisations worldwide. FastTrack™ is a proven delivery model that gets you to registration fast – 100% guaranteed.