BreachExchange mailing list archives

Sales drop as corporate data breaches rise


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 1 May 2014 19:46:39 -0600

http://net-security.org/secworld.php?id=16785

Consumers avoid doing business with a breached organization at an alarming
rate, according to a new study commissioned by Identity Finder, the results
of which were revealed at Infosecurity Europe 2014.

Financial and banking institutions, healthcare providers and retailers
stand to have significantly increased expenses and lose up to one-third of
their customer/patient base after a data breach:

- 33 percent of consumers will shop elsewhere if their retailer of choice
is breached
- 30 percent of patients will find a new healthcare provider if
hospital/doctor's office is breached
- 24 percent of consumers will switch bank/credit card provider if
institution is breached.

"A significant proportion of affected consumers discontinue or reduce their
patronage post-breach," said Al Pascual, Senior Analyst of Security, Risk
and Fraud at Javelin Strategy & Research. "That's real money lost in
customer churn and reduced sales, and certainly demonstrates how the
reputation of the organization hits the bottom line. It's noteworthy that
about a third of people will go as far as to find a new doctor, if their
provider is breached, as we all know healthcare services can be a big
hassle to change."

Target recently quantified the reputational damage and sales impact of
their recent data breach and stated it resulted in significantly reduced
revenue following the announcement on December 19, 2013. However, the
fiscal impacts expanded well beyond sales. Target saw stock prices drop and
estimates $61 million in expenses to investigate the breach, offer
credit-monitoring services, increase call center staffing and procure legal
services.

Not only will revenue go down, but expenses will also go up. There is a
great deal of data supporting a significant increase in post-breach
expenses such as compliance, legal, and victim reparation costs.

The research finds identity protection services alone are a common cost to
each industry:

- 54 percent of healthcare providers offer victims protection
- 40 percent of financial/banking institutions offer victims protection
- 30 percent of retailers offer victims protection.

"Organizations must be more proactive in preventing a breach by
understanding where a data leak can originate. By discovering and managing
sensitive information at its source and not at the perimeter or after the
fact, businesses can identify risk, change employee behavior, and justify
where to spend security dollars," said Todd Feinman, CEO at Identity
Finder.

To protect and manage sensitive data from breaches and subsequent misuse,
ongoing risk assessments for the financial industry, retail merchants, and
healthcare organizations, including their business associates, are
recommended.

For these assessments to be successful, businesses should proactively
create an internal sensitive data management initiative tailored to each
organization encompassing the following five critical steps:

- Sift through irrelevant data and discover sensitive information
- Classify information and assign accountability to clean and protect
- Secure and remediate unprotected files / remove at-risk data
- Centrally monitor policies, actions, and good behavior going forward
- Report compliance with policy and regulation
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 