We’re fortunate to work with a lot of great customers at Netop and frequently they share interesting details about their business, industry and operations. One such data point that stood out came from a large utility company who revealed that a potential security breach would cost them more than $10,000,000!
We wondered how could they be so confident of the monetary damages without actually being hacked and without knowing what, if anything, was lost. It turns out that their calculations were based on a worst-case scenario with lingering damages.
To justify its comprehensive security measures, the telecommunications giant, Verizon, takes a “wouldn’t it be horrible if,” or WIBeHI, approach. Like our utility customer, Verizon recognizes that a security breach can have more of an impact on a company’s branding and reputation than on the monetary loss of data or money.
For example, the attacks earlier this year of TrendNet’s video cameras will forever be linked to their search results and the theft of consumer credit cards from POS devices at 150 Subway restaurant chains received so much attention it over-shadowed the company’s spokesman, Jared.
According to Dr. Lawrence A. Gordon, the Ernst & Young Alumni Professor of Managerial Accounting and Information Assurance at the Robert H. Smith School of Business, “research shows that a large data breach can drive a 4 percent to 5 percent drop in market capitalization.” For many publicly traded companies, this can easily equate to more than $10,000,000 lost in market capitalization.
Whether applying WIBeHI, or some other acronym, companies need to take into consideration long-term repercussions to their business and customers when evaluating security strategies. Responsibly should not fall entirely on the IT department either. Senior management must be proactive in administering policies and procedures designed to protect company and customer data.