Six Ways Data Loss Affects Your Business in the Long Run
The lockdowns of the pandemic forced many businesses to move their operations online with little time to prepare. Offices across the country closed and workers began to do their work remotely. The rapid increase in cloud-based work, remote collaboration, and video conferencing contributed to an ever-increasing attack surface.
Businesses large and small faced challenges, but for enterprises, the task of securing data as it flowed among thousands of geographically-dispersed employees was enormous. When the work of the business is done on-site, the organization can control the security of its data by keeping it in-house. However, once the workforce began working remotely, relying on personal devices and unregulated ISPs, the risk of attack grew exponentially.
These vulnerabilities did not go unnoticed by cybercriminals. The number of attacks by state-sponsored entities and collaborative hacking groups increased exponentially in 2020, with the threat continuing to worsen in the years since.
If you think that once the bleeding has stopped, the breach has been addressed, you should know that a data loss event can have long-term impacts on your business. IBM’s study found that while 61% of the financial impacts of a breach are felt in the first year, 24% of the impacts occur in the next 1-2 years, and 15% of the costs are borne after that.
The long-tail costs and residual effects of a data breach affect organizations for years following a breach event.
- Loss of sales
Even if your breach is caught early and you can quickly fix the problem, you will undoubtedly experience a slowdown in profit-making activities when you divert personnel and financial resources. In addition, if your organization must move to protect customer or vendor data, slowing or stalling production, you will likely have a loss of sales and revenue for that time.
The threats faced by businesses are not always external, which is why user access management controls are so important. Research has shown that data breaches perpetrated by insiders (employees or other trusted entities) can cost an average of 20% of a company’s annual revenue.
Within just a few short months, Travelex went from being an international currency exchange giant to the verge of bankruptcy due to a damaging ransomware attack. This breach occurred because the company failed to patch known vulnerabilities. While the business has resumed operations, they were forced to take their business entirely offline for months to contain the virus and regain control of their data, losing tons of revenue.
- Productivity disruption
Data breaches disrupt productivity when hackers corrupt, remove and hold your data for ransom. As a result, daily business operations may be slowed or delayed as you work to track down the problem, close gaps in your security, and remediate the breach.
Between 2020 and 2021, the average downtime experienced by companies that have suffered a breach ranged from 15 to 23 days. And in certain industries, this much downtime can be devastating beyond affecting the bottom line. For example, in healthcare, productivity disruptions due to data loss have dangerous impacts on the quality and timeliness of patient care.
- Business closure
For large, multinational organizations, spending millions to mitigate a data breach causes temporary pain, but such an expense would bankrupt many small businesses. The cost to mitigate and repair a data breach is enough to force many small businesses to close their doors forever. In fact, studies have found that 60% of small businesses are forced to close their business within 6 months of a cyberattack.
Code Spaces was a successful online code hosting website when it suffered a DDoS attack. When they tried to repel the attack, the hackers deleted all of their data, and just like that, it was over for Code Spaces. Shortly thereafter, the owners shared that Code Spaces could no longer do business and closed their doors.
- Damaged relationships with customers, clients, and vendors
As it turns out, customers don’t like it when their personal information is compromised. After discovering a breach, companies must notify the affected individuals and businesses that their data has been stolen and offer solutions such as credit monitoring or additional help to mitigate the damage. This notification process, combined with the negative publicity that is sure to follow, can make it difficult for customers to trust your organization with their data. This lack of trust slows growth and .
- Legal implications of a data breach
As more and more companies suffer data breaches, customers have begun to take legal action against businesses for not keeping their data safe. Attacks against Target, Colonial Pipeline, Scripps Health, and others have resulted in costly class-action lawsuits. Litigation in these cases can entangle a major corporation for years, so instead, many of these companies stop the bleeding by agreeing to pay millions in settlements.
Also, since governments have begun to take cybersecurity more seriously, regulations such as the GDPR have been created to protect consumers and motivate businesses to take action to protect their data. Noncompliance with these regulations can result in massive fines. Multinational companies have the greatest exposure risk, because they are bound by laws in multiple jurisdictions. For example, when Marriott’s data breach in 2018 resulted in the leak of millions of customers’ data, they were initially fined $28 million in the U.S. However, in the U.K., their failure to comply with GDPR requirements resulted in an additional fine of $124 million. They were then also fined by the Turkish government.
- Exposure of confidential information
In today’s privacy-minded world, loss of confidential and sensitive data spells big trouble for businesses; and when an attacker steals data such as names, addresses, email, phone, or even worse, payment information, the consequences can be devastating.
Capital One fell victim to a data breach in 2017 and was eventually hit with a fine of $80 million from the U.S. Government and was ordered to pay $190 million to their customers in a class action lawsuit. These customers, who had their personal information disclosed, sued the company for failing to exercise appropriate care in protecting their confidential data.
With widening attack surfaces and an increase in cyberattacks since the pandemic, the risk of exposing confidential information has grown, as have the legal implications. A growing number of jurisdictions are adopting data privacy laws, and more recently, government-sponsored cybersecurity initiatives are gaining traction.
Three Real Life Examples of Data Loss
The ways data loss affects a company can be seen in these real-life examples of when huge companies lost their data in big ways.
In March of 2021, Facebook was attacked by a bad actor, and data was scraped from over 500 million customers. This data was then published on a hacker forum and given away for free to anyone who wanted it. Facebook chose not to notify the victims of this breach but has since patched the vulnerability that allowed the breach to occur. While the reputational impacts of this breach of consumer trust are difficult to quantify, the company did have to pay a fine of $5 billion to the FTC for failing to protect user data.
Yahoo has fallen victim to a major data breach twice. In 2013, hackers stole and released personal user data for over 3 billion accounts. Then, after nearly four years of working to strengthen their security, they were struck again. In 2016, a state-sponsored entity hacked Yahoo, compromising another 500 million accounts.
As a result of these breaches, Yahoo settled a class-action lawsuit in 2019 for $117.5 million and was levied a $35 million fine by the government for failing to disclose the breaches promptly. In addition, Yahoo had to commit to spending over $300 million to improve its data security. Nearly a decade later, Yahoo is still paying for the initial breach.
In 2017, Experian suffered an even more devastating attack that resulted in the loss of profoundly sensitive customer credit rating data. To make matters worse, the breach was due to a failure to fix a known vulnerability with a patch that was widely available, and they took weeks to inform the victims. As a result, Experian paid between $575 and $700 million to settle claims, and had to offer the victims (147 million of them) ongoing credit monitoring services free of charge.
Preventing data loss should be a key priority for businesses
Whether the breach is a theft of confidential data or a ransomware attack, these events have long-lasting implications for businesses. According to IBM, it takes an average of 280 days for an organization to discover a breach, which then takes months or years to mitigate.
Why It’s Important to Keep Data Safe
The risk of a cyberattack is greater than ever, partly because businesses are collecting and storing more data. In addition, the internet of things has brought more devices online than ever, from the monitors employees use at their desks to coffee makers in the kitchen. Then comes the growing number of apps and software that organizations and their employees rely on to get work done day-to-day. Every device connected to the network, and every app or piece of software used by anyone in the organization’s workforce, presents threat actors with another potential doorway to the network that can be exploited. As a result, the attack surface that needs defending has expanded dramatically.
Types of Data Held By Businesses
Now, businesses have to protect many types of data stored locally or on cloud-based servers, regardless of how and where the data is being accessed. Here are just some of the types of data that businesses routinely collect and store:
Customer data – this data could include basic personal information such as names, addresses, and contact information. Some businesses also collect data such as social security numbers, credit scores, and payment information – deeply sensitive data that must be vigorously protected.
Intellectual property – Businesses that sell merchandise or services based on patent-protected processes, designs, or recipes must ensure that their intellectual property is kept secure.
Financial data – The loss of financial data can cause significant disruptions to daily operations, impacting transactions with vendors, payroll functions, and the ability to source operating capital.
Vendor data – Large enterprises have relationships with many vendors, from software companies to those that supply paper products. Supply chain attacks begin with a single target and use that target to infiltrate other organizations that do business with them.
What’s the difference between a data leak and a data breach?
When it comes to data security, businesses want to defend against data breaches and data leaks. These terms sound very similar but have different meanings.
Data breaches are intentional acts that steal, corrupt, or release proprietary data. These acts can be perpetrated by cybercriminals acting alone or as part of an organized group such as a nation-state or collaborative. Or, a breach can occur through the intentional actions of an insider.
Data leaks are unintentional acts that result in the loss or release of proprietary data – often the result of careless data handling or inadequate security measures. For example, a leak could be caused by a lost password or an open laptop in a coffee shop.
When data loss does occur, it won’t matter if the loss was due to an intentional act or if it was merely an accident. The data held by enterprise businesses, from confidential employee data to intellectual property, is no less valuable than their physical infrastructure. Any loss of data, whether it be vendor data or proprietary product designs, can have long-tail impacts that hinder business growth for years to come.
Four Main Categories of Business Data Loss
Data security is a lot more than just keeping hackers out. Businesses lose data for many reasons, not all of which are nefarious.
There are four main categories of data loss: human, software, hardware, and natural.
Insider attacks, errors, and careless handling of data are all human causes of business data loss. IBM’s “Cost of a Data Breach 2021” report found that 20% of data breaches were caused by compromised credentials. Credentials can be compromised when employees share data in an unprotected way (via public Wi-Fi, for example) or send company data to the wrong email address.
Software can be misconfigured, corrupted, and infected with malware. If a breach compromises the security of your cloud-based file storage, confidential company files can be lost or stolen.
The other two categories of data loss may seem unavoidable, but that’s only partly true. Hard drive failure and mechanical damage to physical servers are ways that hardware can lead to data loss. Natural causes include natural disasters and power outages. While mechanical failures and natural disasters can occur without warning, you can take proactive steps to prevent data loss by frequently backing up your servers and investing in an uninterruptible power supply (UPS).
Each of these causes can significantly disrupt daily operations and cost the business millions of dollars to remediate. To avoid the consequences of an unexpected data loss, you need to defend your assets with the proper tools.
Why Do Businesses Need to Protect Their Data?
Do you know how many devices access your company’s data every day? Businesses face many threats to their data security, partly because of our ever-enlarging attack surface. Data breaches negatively impact businesses and individuals in the short and long term.
Here are some of the ways data loss will immediately impact your business:
- Extra personnel and financial resources will be needed to manage the legal and logistical fallout of a breach – from investigation and mitigation to customer notification
- Retrieval of lost data is costly, time-consuming, and sometimes futile
- Diverting resources to manage a crisis disrupts business operations
- Data breaches cause major damage to your reputation due to a breach of public trust
How to avoid data loss with software solutions
Data Loss Prevention software is designed to harden your defenses. With the right DLP software, you can:
- Ensure regulatory compliance – DLP software not only protects you from a breach, but can also protect you from liability should a breach still occur.
- Track data access and usage – Who has access to what data and for what purpose?
- Prevent unauthorized access and misuse of data – Your DLP software can provide access controls that protect your data from both intentional breaches and unintentional leaks.
The average losses from a data breach come to more than $3 million, and that figure doesn’t even quantify the long-term impacts of reputational damage and potential litigation. The impacts of a single breach can damage a business for years or cause it to fail completely.
Your company’s data is worth protecting. DLP software, zero-trust access and permissions, and a comprehensive cybersecurity policy are essentials for protecting your business against data breaches and leaks.