by Source Defense
A data breach is one of the worst things that can happen to any eCommerce business. It affects both customers and employees and can have a lasting impact on a company’s reputation and financial stability.
Data breaches have become a fact of life for organizations across the globe. But what happens after a data breach?
- Immediately after a data breach, your company is likely to experience a loss of trust from customers, which can lead to a decline in sales and revenue.
- You may also face legal and regulatory penalties and costly lawsuits from affected individuals or groups.
- Your reputation will suffer, not only with those impacted customers but through poisoned search results that will keep news of the breach alive on the Internet.
- You will also likely be forced to spend significant resources investigating the breach and implementing security measures to prevent it from happening again.
- Those measures may include hiring cybersecurity experts, updating software, and training employees to identify and prevent potential threats, all of which disrupt normal operations.
In severe cases, disclosure of the breach details to the general public and shareholders can lead to drops in stock prices, staff turnover, and difficulty hiring new talent.
Last year, Filters Fast, a New York-based air and water filtration supplier, agreed to pay the New York Attorney General Office $200,000 to resolve an investigation into a data breach stemming from a Magecart attack in 2019 that exposed the payment card details of an estimated 320,000 consumers. The compromise, which went undetected for nearly a year, included credit card holders’ names, billing addresses, expiration dates, and security codes.
As part of the settlement, the company agreed to make the following changes to its security program:
- Creating a comprehensive information security program that includes regular updates to keep pace with changes in technology and security threats, as well as regular reporting to the company’s CEO concerning security risks
- Designing an incident response and data breach notification plan that encompasses preparation, detection and analysis, containment, eradication, and recovery
- Adopting personal information safeguards and controls — including encryption, segmentation, penetration testing, logging and monitoring, virus protection policy, custom application code change reviews, authentication policy and procedures, management of service providers, and patch management
- Ensuring that third-party security assessments take place over the next five years.
“Filters Fast fell far short of its responsibilities of protecting its customers against attacks on its online platform, and of promptly informing customers of any such attack so that they could take the necessary steps to protect their identities,” said Attorney General Letitia James.
The company also offered to provide all 324,000 impacted customers with up to 12 months of identity theft protection services.
The $200,000 settlement appears to be just the beginning of the costs of the Filters Fast data breach. Breach notifications can cost $1 to $2 per customer, adding a further $324,000 to $648,000. In addition, studies show that incident response for a medium-sized breach of around 250,000 records can cost up to $100,000. Finally, identity theft protection and credit monitoring services can range anywhere from $10 to $30 per customer per month.
When these additional costs are considered, the real cost of the Filters Fast data breach could be between $3.7 million and $10 million, a range consistent with the breach costs reported in IBM’s 2022 Cost of a Data Breach Report.
Although the immediate consequences of a data breach are a shock to an organization, the full impact can take years to overcome. Companies that suffer a significant breach face ongoing challenges post-incident. These may include:
- Reputational/brand damage, including challenges with customer retention
- Legal costs ranging from fines and penalties to class action lawsuits
- Operational disruption (including staff turnover)
- A sharp decline in stock price or business valuation/acquisition price
- Other financial losses including the cost of the breach investigation, restitution, and PR management
- Loss of market share to competitors
According to data breach studies by the Ponemon Institute, organizations subject to strict data protection regulations incur 53% of breach costs in the first year, 32% in the second year, and 16% more than two years after the breach. This “long tail” effect means some companies may still be digging out from under a previous breach when the next one hits.
Companies may also turn to public firings of CEOs and other top executives in the aftermath of a data breach. However, examples like the Target data breach show that this extreme step often does not help restore customer trust and loyalty. According to IDC, 80% of consumers will defect from a business if their information is compromised in a security breach.
Suffering a data breach is also a recipe for losing market share to competitors. In fact, 52% of consumers said they would consider paying for the same products or services from a provider with better security.
Preventing Digital Skimming Attacks – A Rapid, Low-cost, Set it and Forget It Proposition
As a C-suite executive, you are responsible for everything your company achieves or fails to achieve. The ultimate responsibility for protecting your customers’ data and privacy rests on your shoulders. With digital skimming attacks on the rise, ensuring that your customers’ payment and personal information are protected should be a priority if you want to avoid the dangerous implications of a data breach.
Source Defense prevention solutions can protect your website from the growing threat of Digital skimming, Magecart, Formjacking, and other eCommerce cyberattacks:
- Rapidly deployable
- Cost-effective (in most cases less than $0.01 per transaction)
- Burden free (no expertise required to manage)
- Set it and forget it (most clients spend less than 2 hours per month in the solution)
For a free analysis of your eCommerce site, schedule a meeting with one of our experts today.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for Requirement 6.4.3 (authorizing, inventorying, and integrity-checking the scripts that run on payment pages) and Requirement 11.6.1 (detecting unauthorized changes to the HTTP headers and contents of payment pages as received by the consumer’s browser) without adding a burden to your security teams.