2. The cosTs of ignoring securiTy
Many of the most publicized security failures in recent years can be attributed to short-sighted leadership decisions to save a few bucks on security in the short term. Take TJX’s (TJ Maxx) record breach of 94 million customer records—it all came as a result of an upper level management directive to wait on upgrading wireless security.
Why not spend that money up front and avoid all of those millions in breach costs?
As a CEO, what risk to the bottom line are you willing to assume for the sake of saving a few dollars in the coming years’ budgets? In TJX’s case, they’ve paid hundreds of millions of dollars as a result of the breach—many, many times the amount it would have cost to upgrade their technology and practices.
Last year, one of the security gurus with Forrester Research took a quantitative look at just how much poor security practices were costing enterprises. Analyst Khalid Kark found that the average security breach can cost a company between $90 and $305 per lost record. The financial effects can be staggering for a company with millions of customers.
Kark used a number of very real factors to come up with this projection. First of all, data breach legislation in most states now puts companies on the hook to disclose any data breach to those affected. Just the sheer cost of going through notification
proceedings can put a big dent in the bottom line. Add to that the cost of litigation, regulatory punitive fees and the cost of consultants to perform an investigation of the breach and it becomes clear why breaches cost so much. The shame of it all is that once this money has been laid out, the new scrutiny you’ll face will force your company to spend more on the security program you should have implemented in the first place. Why not spend that money up front and avoid all of those millions in breach costs?
The largest cost associated with ignoring security, however, still may not be completely quantifiable. The loss of brand equity is a huge risk posed by lax security practices, one which many CEOs need to address. Brand is the bedrock upon which most major enterprises build. When that bedrock cracks, many businesses have a hard time recovering.
Remember ValuJet? The high-flying discount airliner had a quality brand in the mid- 1990s until one of its jets crashed into the Everglades in 1996. The disaster proved
...they’ve paid hundreds of millions of dollars... many, many times the amount it would have cost to upgrade technology and practices.
CuTTING THE COST Of COmplIANCE wITHOuT COmprOmISING SECurITy
Pat Clawson sits down to discuss the biggest compliance challenges and how organizations can effectively address compliance.