In addition to the time and energy it takes to rectify the situation, a data breach has the potential to severely affect a corporation's brand equity over the long term. Depending upon the type of information lost as a result of the breach, the average loss in the value of the brand ranged from $184 million to more than $330 million, with an average brand value prior to the breach of $1.5 billion. Hence, the minimum brand damage was a 12 percent loss, increasing to nearly a one-quarter loss of the brand value in some instances.
"A solid reputation is a company's greatest asset, and it is therefore imperative that business leaders take precautionary steps to protect themselves, their customers, their employees and their intellectual property against data breaches," said Ozzie Fonseca, director at Experian Data Breach Resolution. "The way business protocols worked five years ago, even two years ago, has drastically changed, and we must prepare ourselves for the new threats to data and privacy. Data breaches are happening to all businesses— small, medium, and large—and no industry is immune."
All companies are susceptible to breaches of data, yet many are not prepared or equipped to handle the aftermath. Research findings showed that 43 percent of the companies represented in the survey had not instituted a data breach incident response plan prior to having such a breach. Companies spend a great amount of time putting crisis plans together—who's going to call whom, who can speak to the media, etc. However, they are not including data breaches as part of this plan. In addition, most companies surveyed reported that they had experienced more than one data breach in the past few years.
"The loss or theft of sensitive customer data, as our study quantifies, can have a serious impact on the economic value of a company's reputation," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "We believe this study makes a powerful point about the importance of taking steps to reduce the likelihood of a data breach."
To help companies protect their reputation and keep customer and proprietary data safe, Experian Data Breach Resolution offers the following tips:
Create an incident plan so your organization is prepared to readily respond to a breach should it happen. Outline exactly what steps you'll take if or when a breach occurs. Build your company's response team in advance, including members with expertise in legal, public relations, compliance and risk management. Communication to consumers and government officials should be done simultaneously, so make sure to dedicate adequate resources in your company plan. Conduct data breach simulations and hold regular security training sessions with employees to review the company's policies about data protection.
Be proactive instead of reactive. Start with prevention and assume that at some point you will experience a breach—and not one that you're likely to discover until the damage has been done.
Here's what can be done now to help secure and protect the information your company is responsible for:
- Segment sensitive data and restrict access
- Wipe physical media and shred paper documents
- Demagnetize external media and overwrite hard-drive data
If you don't have the internal resources or know-how to cover the likely aspects of fallout from a potential breach, call in a third-party specialist to partner with your company through the breach resolution process. Having an expert on hand can help expedite the resolution, limit legal liabilities and increase customer satisfaction. Being prepared before a security breach occurs can mean a big difference to both your company's bottom line and its reputation.
For more information, visit http://www.experian.com/databreach.