Sales drop as corporate data breaches rise
Posted on 01 May 2014.
Consumers avoid doing business with a breached organization at an alarming rate, according to a new study commissioned by Identity Finder, the results of which were revealed at Infosecurity Europe 2014.


Financial and banking institutions, healthcare providers and retailers stand to have significantly increased expenses and lose up to one-third of its customer/patient base after a data breach:
  • 33 percent of consumers will shop elsewhere if their retailer of choice is breached
  • 30 percent of patients will find new healthcare provider if hospital/doctor's office is breached
  • 24 percent of consumers will switch bank/credit card provider if institution is breached.
"A significant proportion of affected consumers discontinue or reduce their patronage post-breach," said Al Pascual, Senior Analyst of Security, Risk and Fraud at Javelin Strategy & Research. "That's real money lost in customer churn and reduced sales, and certainly demonstrates how the reputation of the organization hits the bottom line. It's noteworthy that about a third of people will go as far as to find a new doctor, if their provider is breached, as we all know healthcare services can be a big hassle to change."

Target recently quantified the reputational damage and sales impact of their recent data breach and stated it resulted in significantly reduced revenue following the announcement on December 19, 2013. However, the fiscal impacts expanded well beyond sales. Target saw stock prices drop and estimates $61 million in expenses to investigate the breach, offer credit-monitoring services, increase call center staffing and procure legal services.

Not only will revenue go down, but also expenses will go up. There is a great deal of data supporting a significant increase in post-breach expenses such as compliance, legal, and victim reparation costs.

The research finds identity protection services alone are a common cost to each industry:
  • 54 percent of healthcare providers offer victims protection
  • 40 percent of financial/banking institutions offer victims protection
  • 30 percent of retailers offer victims protection.
"Organizations must be more proactive in preventing a breach by understanding where a data leak can originate. By discovering and managing sensitive information at its source and not at the perimeter or after the fact, businesses can identify risk, change employee behavior, and justify where to spend security dollars," said Todd Feinman, CEO at Identity Finder.

To protect and manage sensitive data from breaches and subsequent misuse, ongoing risk assessments for the financial industry, retail merchants, and healthcare organizations including their business associates is recommended.

For these assessments to be successful, businesses should proactively create an internal sensitive data management initiative tailored to each organization encompassing the following five critical steps:
  • Sift through irrelevant data and discover sensitive information
  • Classify information and assign accountability to clean and protect
  • Secure and remediate unprotected files / remove at-risk data
  • Centrally monitor policies, actions, and good behavior going forward
  • Report compliance with policy and regulation





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //