Twitter chat: How compromised data creates financial loss, insecurity

Large-scale data breaches are becoming so recurrent in corporate culture that consumers are no longer surprised to receive an email from their favorite grocer, retailer or bank that says, "Your account information may have been compromised." Even though breaches seem to be occurring more frequently (i.e. Target, Neiman Marcus and Michaels Stores), it doesn't make coping with personal data loss or password corruption, or applying for new credit cards any easier.

In May's SearchCompliance #GRCchat, tweet jammers responded to a series of prompts about the business implications of information-related breaches. The first question on the docket asked, "What are the biggest ramifications of a data breach? Is it the financial hit, loss of consumer confidence or regulatory fallout?"

Guest expert Robert Naylor, former CIO at the U.S. Federal Communications Commission, was first to sound off. Naylor focused on cybersecurity and operational efficiencies at the FCC, and he shared his expertise:

Financial is the biggest, as a result of reputational damage, loss of consumer confidence, and remediation to resolve the breach. #GRCchat

— Robert Naylor (@rbnaylor) May 15, 2014

Data breaches are costly, no matter who is responsible for paying up. On January 17, 2007, Framingham, Mass.-based TJX Cos. Inc. announced its computer systems were compromised and customer data was stolen. This led Massachusetts legislators to consider a bill shifting the financial burden of a data breach from banks to retailers. Since then, other states -- including California last week with AB 1710 -- have followed suit. The AB 1710 bill would make retailers responsible for notifying customers of any data breach, as well as hold them accountable for reimbursing customers' financial losses.

Naylor went on to speak about the long-term business damage caused by data breaches:

The long term damage in those areas can linger for much longer after the remediation. #GRCchat

— Robert Naylor (@rbnaylor) May 15, 2014

In the government, agencies are still dealing with the ramifications of the lost Veterans Affairs laptop years ago. #GRCchat

— Robert Naylor (@rbnaylor) May 15, 2014

What about regulatory fallout? Naylor suggested company size and industry play a major role in how breaches impact regulatory compliance agreements:

Depending on the type of organization and the industry, regulatory fallout could be anywhere on the continuum from none to massive. #GRCchat

— Robert Naylor (@rbnaylor) May 15, 2014

For example; a local hardware store would most like have none, compared to an electric utility company, which would be massive. #GRCchat

— Robert Naylor (@rbnaylor) May 15, 2014

SearchCIO Editorial Director Christina Torode added tainted business reputation as another unfavorable data breach ramification:

A1 Reputation. I wouldn't want to be the company name attached to the line "Don't become the next...#GRCchat

— Christina Torode (@CTorodeTT) May 15, 2014

@BenjaminCole11 @CTorodeTT These days, absolutely! Depending on the industry, it is major! #GRCchat

— Robert Naylor (@rbnaylor) May 15, 2014

No matter how IT security teams choose to look at it, loss of customer confidence, soiled company reputation and regulatory fallout will all likely result in huge financial hit. Is your organization prepared for a costly breach?

Stay tuned for more recaps from our #GRCchat here on SearchCompliance. Our next tweet jam will take place on Thursday, June 19 at 12 p.m. EST (topic TBA). Until then, browse this month's conversation and add your two cents.