Organizations Aren’t Worried About Data Security — Only Their Reputations

Written by Joe Kozlowicz on Tuesday, December 13th 2016 — Categories: Security

cybersecurity concerns focus on reputationMany cloud discussions center around data security. When infrastructure is out of corporate control, it’s natural to be concerned about the precautions taken to protect vital information assets. Ultimately, cloud security is not any weaker than on-premise data centers, but it turns out that corporate IT departments aren’t really concerned about losing data, anyway.

They’re worried about what everyone else will think if they lose that data.

With only 25% of companies are equipped to handle data breaches, corporations still cite damage to reputation as the biggest risk of being hacked. A recent study from the International Association of Privacy Professionals found that 83% of public companies in the United States cite the impact to corporate reputation as the number one risk of a data breach.

Only 60% cited civil litigation, and barely half (51%) cited regulatory enforcement or remediation (50%). In other words, the damage taken by a brand is seen as far more damaging to a stock than having to pay a fine or sort out bureaucratic entanglements.

In two of the most high profile hacks from recent years, Home Depot and Target did face immediate consumer backlash while they remained in the headline. But of the two, it seems only Target had significant measurable negative impact to the brand, with customer satisfaction dropping 2 points year-over-year according to one survey, and customer service ratings dropping 3.3%. The Target breach also led to a credit rating cut from S&P.

White Paper

Need a Managed Security Solution?

Talk to one of our experts today.

However, two years later, Target seems largely recovered. Home Depot’s bottom line also remained largely unaffected. Are these two brands just too large to be majorly hurt by a data breach? Or are corporations worried about the wrong cyber risks?

Home Depot, for example, paid hundreds of millions in expenses related to the breach. They were insured for only $100 million. The IAPP survey also discovered that 1 in 5 companies would exceed their insurance coverage in the event of a data breach.

It would seem from these previous, high-profile examples that the bottom line is mostly dragged down by actual breach costs, like settling litigation out of court, beefing up security, and notifying customers, rather than by a loss of sales or business from negative public opinion.

For companies that specialize in digital services, especially security, software, or cloud services, that reputation risk is indeed serious. After all, privacy is a key portion of their offering. But for brands outside of these spheres, the reputation hit may be recoverable.