The personal data of up to 143 million US citizens was stolen from credit ratings giant Equifax earlier this month. That’s nearly half the country’s population.
Social security numbers, birth dates, addresses and driving licence numbers were exposed, with hackers also accessing credit card details for 209,000 Americans.
According to ABC News, Australian and New Zealand customers haven’t yet been caught up in the scandal. Nevertheless, Bloomberg figures suggest the company’s global exposure could be as high as US$143 billion (AU$177 billion) under federal law, plus any punitive damages.
But these are the direct financial costs of a breach. The long-term impact of customers losing confidence in an organisation can be even more severe.
Let’s examine how reputational damage affects businesses.
The cost of breaches in Australia
Research from the Ponemon Institute and IBM found that Australian organisations pay out AU$2.51 million on average following a data breach, with each stolen or lost record costing a business AU$139.
Reputational damage is just a portion of this total cost, albeit a significant one. The figures show that Australian firms pay an average of AU$790,000 per data breach for ‘lost business’ costs, which include:
- Customer churn;
- Increased customer acquisition activities;
- Reputation losses; and
- Diminished goodwill.
A recent Kaspersky Lab report breaks down the numbers even further. The company estimated that global enterprises spend on average US$200,000 per incident to repair brand reputation damage, while SMEs pay US$8,000.
A business’s industry can have a notable impact on factors such as customer churn. The Ponemon Institute and IBM research showed breaches hit finance and tech firms the hardest, while hospitality and retail consumers are more forgiving.
What does this mean for Australian businesses?
Australia experienced its biggest ever data breach last year. The information of 550,000 prospective donors to the Red Cross Blood Service became available online due to human error at one of the charity’s third-party providers.
Organisations must tackle both inadvertent mistakes like the one above and increasingly sophisticated cyber criminals.
“It doesn’t matter how big or small your company is – a damaged reputation can harm any business equally,” stated Konstantin Voronkov, head of endpoint product management at Kaspersky Lab.
Unfortunately, no organisation can fully protect itself against data breaches. Businesses must therefore ensure they are comprehensively covered against any potential cyber security threats to their operations – both internal and external.
Talk to MGA Insurance Brokers to discuss your cyber insurance needs.