Hacked Companies Are Facing Data Breach Lawsuits Filed by Financial Institutions
Data breaches aren’t cheap to clean up. Just ask Rosen Hotels, whose costs to clean up a 2016 breach could end up exceeding $2.4 million. Shockingly, that’s below the $4 million average cited by IBM. In addition to direct costs, such as fines, labor to actually perform the cleanup, and bills from attorneys and PR firms, organizations are increasingly facing additional exposure in the form of data breach lawsuits – and not just from their customers.
Banks and credit unions, who must eat the losses when payment card numbers are stolen, are starting to fight back and demand reimbursement in the wake of POS system breaches. Fast-food chains Arby’s and Wendy’s, along with retailer Eddie Bauer, are facing class-action data breach lawsuits filed on behalf of financial institutions. Meanwhile, the Home Depot recently settled a similar suit for $25 million; this is in addition to the millions of dollars it is expected to pay for plaintiffs’ attorneys’ fees and the millions more it has already spent on fines and other cleanup costs.
Financial institutions aren’t the only parties that may file data breach lawsuits. Rosen Hotels is being sued by its commercial liability insurance company, which is alleging that Rosen’s policy did not cover data breaches. Additionally, the employee tax data phishing scam that was all the rage in 2016 reemerged just in time for the 2017 tax season, so the next round of lawsuits may stem from organizations’ own employees.
Preventing Breaches Is Far Cheaper Than Cleaning Them Up
Arby’s, Wendy’s, Eddie Bauer, Rosen Hotels, and the Home Depot have something in common, and it’s not just that their POS systems were hacked. All of them are examples of the high cost of reactive cyber security, which focuses on cleaning up after breaches happen instead of preventing them in the first place. This is the crux of the data breach lawsuits the banks are filing; they are alleging that hackers shouldn’t have been able to access these companies’ POS systems in the first place. They’re right. Hackers would not have been able to get in had the affected companies invested in proactive cyber security and implemented sound governance, risk, and compliance procedures.
The problem is not exclusive to large national or multinational corporations; it is estimated that 86% of small and medium-sized businesses woefully underfund their cyber security measures, and three-quarters have, at most, two staff members devoted to security (some have none). Yet as badly as companies the size of the Home Depot are being hammered by data breach lawsuits and other cleanup costs, they can afford to take the hit and keep going. A small business with razor-thin profit margins, or a young startup that’s not yet in the black, could be bankrupted by a data breach, especially if lawsuits are involved.
Often, it’s not that small businesses don’t care about being secure; it’s that they think they couldn’t possibly afford it. The good news is that proactive cyber security does not have to cost a small fortune. RegTech software solutions such as Continuum GRC’s IT Audit Machine (ITAM) automate GRC and security processes and put world-class security, compliance, and risk management within the reach of small and medium-sized businesses.
Don’t be reactive and wait for a breach to happen and potentially bankrupt your business; be proactive and prevent hackers from getting in to begin with.