In 2019, a Hiscox study revealed that 61% of UK businesses were breached in some form the previous year, showing that this is an incredibly widespread issue in the UK. With the average time to notice a data breach coming in at 197 days, there is a massive gap between the breach taking place and having the opportunity to do anything about it. How much damage can be done in over half a year of data being breached?
How are breached businesses affected?
Organisations suffer in many ways when they fall victim to a data breach, but the most immediately worrying are the financial repercussions.
Costs that can arise from a data breach include, but are not limited to:
- ICO fines, up to 20 million Euros, or for larger companies with half a billion in turnover, 4% of their annual turnover.
- Investigations into the data breach incident – possibly by a third-party organisation, or overtime for internal security staff.
- Compensation of affected customers
- Falling share prices
As I mentioned, the instant financial impact isn’t the only consequence of a data breach. There can also be reputational damage, leading to even further financial worries down the line, even once you’ve paid off the fines!
It can be tough to gain a new customer’s trust in the best of times, so you can imagine how hard it would be after a data breach, especially if the news becomes widespread or shows up as one of the first Google results, for example. This isn’t to mention how hard it will be to regain the trust of customers you already have! According to a recent report from CISO, a third of all businesses hit with a data breach suffered a loss to their reputation, up on previous years as consumers become more aware of the importance of data protection.
The kinds of breaches that will have the largest reputational and financial effects are ones that involve more sensitive information on customers. For example, if you hold things such as medical history, images, race or beliefs, this is going to hit a lot harder. Imagine the backlash against a customer if it is revealed to the public that they hold beliefs that could lead to prejudice, or if they had a health condition they were keeping private.
This isn’t to say that a simple name and address, or even an email address, wouldn’t cause an uproar. These details can be used for fraud, and even if they aren’t, people are becoming a lot more savvy about their rights when it comes to data protection and are exercising these rights a lot more regularly.
The more data you hold on people, the higher the risk and the greater the need to follow the rules set out by GDPR and other data security practices.
For information on how we can help protect your customers’ data, get in touch today.