Bad reputation: The indirect costs of data breaches
June 23, 2014

The direct financial damages associated with data breach should be plenty to get decision-makers moving on more effective and modernized security controls, as the average is often pegged at or around half a million dollars. For a small business, this could mean the end of operations, while larger firms will also struggle to regain their footing when a major instance of data loss strikes their systems.

However, one of the more difficult issues to overcome when privacy controls fail is the lack of trust and admiration among consumers, both those that have been frequenting the business for years and the ones that would otherwise be interested in becoming patrons in the future. Considering how many individuals have been impacted by identity theft throughout the past several years, it is not surprising that a data breach would lead to such poor recognition of a company, highlighting another reason why advanced access controls are critical in today's market.

Brand management 101
Tim Wilson, writing for Dark Reading, recently explained that the latest piece of research from the Ponemon Institute, titled "The Aftermath of a Mega Data Breach: Consumer Sentiment," revealed the heavy toll information exposure has on the average victimized organization. The survey was sponsored by Experian's Data Breach Resolution unit, while it questioned hundreds of consumers in the United States regarding their thoughts on security.

According to the author, the survey found that data breaches were the single most devastating type of issue that a company could face in terms of brand reputation, with labor disputes, public lawsuits, environmental disasters and other events trailing behind the exposure of information. This is to say that virtually every type of bad press cannot compete with the negative impacts of a data breach, and companies that want to retain customers will need to remember this when going through technology provisioning procedures.

Wilson stated that roughly one quarter of respondents were fearful about identity theft, while those who have frequented a business that was struck by a breach had a much more common fear, at roughly 45 percent. He pointed out that retail, credit card and social media breaches impacted a large portion of the respondents throughout the past two years. Surprisingly, the study found that consumers were largely inactive following a data breach that hit close to home.

"This inaction may be a result of data breach 'fatigue,' as 30 percent of those surveyed received at least two data breach notifications and 15 percent received three in the last two years, while 10 percent received more than five," Ponemon stated, according to Wilson. "Unfortunately, more than one-third of consumers ignored the data breach notification from the company and did nothing. However, almost 30 percent of consumers accepted the offer of free identity protection services."

Sound business practices
As assets continue to stream into the digital arena, companies must become more focused upon protecting information and systems from the threats that abound in the modern marketplace. One of the clearest lessons that has been learned in recent years is that the traditional passwords and credentials which are still in use among a majority of businesses and consumers are simply not cutting it anymore, and maybe never have. 

Leaders should consider leveraging advanced identity and access management solutions such as authentication to protect their reputations from being ruined by a major instance of breach. These tools have proven to be simultaneously more preferable from the user's perspective, as they are generally more intuitive and easy-to-use, while also further protecting information and systems from unauthorized access and manipulation.