This past year has been one of trials and tribulations for many top companies. Examples include revelations of massive data breaches from Yahoo, Uber, Dropbox, and Equifax. These events spilled personal and financial information on millions of U.S. consumers and sent ripples across the business landscape. Business leaders have to be asking themselves, “If industry giants are vulnerable to data breaches, what chance do we have?”
A robust cybersecurity policy is a must-have for any company. But what happens when security measures are bypassed and sensitive information is leaked? What are a business’s responsibilities regarding protecting consumer data? And, if your system is breached, how do you reveal this to the public?
CyberPolicy tackles these questions and more.
Do Companies Have an Obligation to Protect User Information?
Earlier this year, Equifax spilled personal and financial information on 145 million consumers. The breach was so massive, security experts speculated about reissuing Social Security numbers to every single American adult!
The security incident was apparently caused by outdated software, an entirely avoidable circumstance. Even more shocking, Equifax was breached twice in the same year. Why aren’t companies doing more to protect people?
Companies have a responsibility to their customers. Businesses can be sued for not ensuring the safe storage or delivery of private data. This can lead to millions of dollars in legal fees and settlements.
And what about your responsibility to uphold your brand’s reputation? How many customers or clients do you expect to work with if you are irresponsible with their sensitive personal or financial information?
How/When Should You Reveal a Data Breach?
Data breaches can be a tricky thing. Sometimes they’re discovered immediately. Other times they can take months or even years to discover. Whatever the case may be, it is always best to reveal the incident early on.
Equifax received a lot of flak for disclosing their data breach only after several executives sold off their stock. Uber, on the other hand, revealed a close-call breach when it changed CEOs. While Uber is trying to do the right thing, it’s admittedly too late.
The key is to reveal the incident as early as possible without causing panic. Try sending out periodic or rolling public updates. You can start with, “We have discovered an incident which we are investigating.” Instill confidence in your customer base. You want the public to understand you are doing everything you can to handle the situation, with consumers being top of mind.
How to Overcome a Security Incident?
Overcoming a security breach is no easy feat. You may have lost customers, suffered damages to your reputation, or paid out big bucks in a class-action lawsuit. These financial burdens can really drag a company down. Well, a company without cyber insurance, that is.
Cyber insurance is an essential risk-management product for businesses of any size. Cyber insurance protects companies against financial damages brought on by a data breach or cyberattack. Depending on your policy, this includes legal fees, business downtime, credit monitoring, data recovery, network repairs, and more.
Visit CyberPolicy for your free quote today! Do you have cyber insurance as part of your cybersecurity policy?