Beyond The Bottom Line: The Real Cost of Data Breaches

It’s rare that a day goes by with not one story in the media about a company being hacked. Just this week a British multichannel retailer, Kiddicare, suffered a data breach that saw customer data stolen by attackers. We are all aware that a data breach not only damages a company’s reputation and impacts the bottom line, but what is harder to assess is the impact beyond the bottom line and how a significant breach can affect a consumer’s trust in organisations in general.

Today, FireEye sheds some light on the real cost of data breaches – beyond the bottom line. We commissioned a survey of 6,500 consumers across six different regions and show how 2015’s high profile data breaches have dented long-term consumer trust in major brands.

Global trends

The global report reveals insights into consumer expectations around communications of breaches, with two thirds of global respondents expecting to be told immediately if a data breach occurs to an organisation that holds their data and 91 percent expecting to be told within 24 hours. This seems to contrast the EU General Data Protection Regulation (GDPR), which is set to require that authorities be informed of a data breach within three days.

We also found that consumers are developing a clear appreciation of the impact data breaches can have, with nearly half (46 percent) of global respondents stating that they have full awareness and understanding of the potential impact of a data breach. Additionally, the majority of consumers are willing to take action against breached organisations if their details were stolen and used for criminal purposes as a result of a data breach.

High-profile data breaches are also causing many consumers to reduce the amount of data they will share with organisations. Altogether, 70 percent of those polled stated they would now give less personal information in light of recent data breaches, which potentially limits the ability of companies to offer more personalized and tailored products and services. Additionally, a third of respondents have a more negative perception about organisations in general as a result of high-profile data breaches, with 71 percent of those saying it is due to concerns about their ability to keep data safe.

Regional differences

The report identified some notable regional differences. For example, consumer perception and loyalty in the UAE (45 percent and 38 percent, respectively) and the U.S. (41 percent and 36 percent, respectively) has diminished the most when it comes to organisations affected by data breaches. Consumers in the UAE and U.S. are also more likely to feel negatively about organisations in general as a result of breaches (43 percent and 36 percent, respectively).

However, UAE consumer respondents in particular are much more likely to take action against organisations if their personal details were stolen and used for criminal purposes. Around three quarters would take legal action (75 percent) or leave the organisation (73 percent), compared to the U.S. where 59 percent would take legal action.

What should companies do?

Companies need to view cyber security as a business issue instead of a technological issue, and brands should think strategically about protecting shareholder value rather than just thinking tactically about how to secure the network. Companies should be prepared to make decisions based on the most important risks to their organisation, and ensure the most damaging threats are the ones that they are most focused on preventing. They should increase vigilance – not just spending – to protect information.