The Increasing Cost of Non-Compliance

Posted February 24, 2012, 10:31 am by Jorge Flores


Welcome to another beautiful Friday! Let’s start off today with a fun fact.

This Day in History: February 24, 1955

"A young boy is born to University of Wisconsin graduate students Joanne Simpson and Abdulfattah Jandali. He is given up for adoption and taken in by a machinist and his wife in Mountain View, California. His name was Steve Jobs."

Data Breaches: The Expense That Keeps Rising

As many of you already know, the Online Trust Alliance (OTA) just released its latest report: The 2012 Data Protection & Breach Readiness Guide. This report highlights some interesting statistics from companies that experienced data breaches in 2011, the year fittingly dubbed “The Year of the Data Breach”. Let’s take a look at some of the more notable numbers included in the report.

  • 558 | The number of high profile breaches
  • 126,000,000 | The number of records affected
  • 76 | The percent of breaches that exploited server weaknesses
  • 92 | The percent of breaches deemed avoidable using basic security tactics covered in PCI compliance
  • $318 | The average cost per record taken (more than $100 increase from last year!)
  • $7,200,000 | The average total cost of a single data breach incident
  • $6,500,000,000 | The total annual economic impact of data breaches last year

A striking trend is becoming evident with each subsequent annual breach report. Data breaches are getting larger, and the financial impact is following suit.

What this study doesn’t cover, however, is another staggering trend presenting itself in the wake of a publicly known data breach: the startling increase in class-action lawsuits filed against the breached companies. Let’s dial it back to February 2009 to a precedent-setting personal injury lawsuit stemming from a data breach incident. In Krottner v. Starbucks, the 9th US Circuit Court of Appeals ruled that, in order to take a case to trial, plaintiffs need no longer show actual harm or imminent threat of harm stemming from a data breach incident. They need only show an increased risk of harm.

This legal precedent completely changes the legal environment with regard to breach victim response. As a result, many class-action lawsuits are being filed more quickly than ever. Victims are no longer waiting months, or for actual financial impact, to file a lawsuit. The majority of data breach lawsuits are filed within days or even hours of public disclosure.

So if you think the costs of PCI compliance are too much for your company, think again. The cost of non-compliance is steadily increasing, and it only takes one incident to do astounding damage to your brand, customer loyalty, and most of all, your pocketbook.

Remember: 76% of organizations go out of business within 1 year after a data breach. That number jumps to 90% within 5 years.

Want some more information on the financial impact of a data breach? Sign up for our free webinar, “Accessing the Financial Impact of a Data Breach” next Tuesday, February 28th at 12pm EST. Just go to our homepage and click the banner to sign up!




Filed under: Security Threats
Edited February 28, 2015 by Jorge
