Within the world of cyber security, a great deal of attention has been focused lately on the escalating hazards and frequency of data breaches, with considerable discussion on the high cost of such breaches. But as the industry has assessed the financial toll of breaches, it has never taken into account the impact breaches have on a company’s brand image and, consequently, its bottom line.
A recently released Ponemon Institute study, sponsored by Experian’s Data Breach Resolution and believed to be the first of its kind, explores the “Reputation Impact of a Data Breach” to provide more context for the full scope of data breaches. The findings draw enlightening conclusions around the financial toll that data breaches wreak upon harmed corporate reputations, including these key takeaways:
Reputation is one of an organization’s most important and valuable assets. Reputation and brand image are perceived as very valuable…and highly vulnerable to negative events, including a data breach.
Calculating the value of reputation and brand reveals how valuable these assets are to an organization. The average value of brand and reputation for the study’s participating organizations was determined to be approximately $1.5 billion. Depending upon the type of information lost as a result of the breach, the average loss in the value of the brand ranged from $184 million to more than $330 million. Depending upon the type of breach, the value of brand and reputation could decline as much as 17 percent to 31 percent.
Not all data breaches are equal. Some breaches are more devastating than others to an organization’s reputation and brand image, with the loss or theft of customer information ranked as the most devastating (followed by confidential financial business information and confidential non-financial business information).
Data breaches occur in most organizations represented in this study and have at least a moderate or a significant impact on reputation and brand image. According to 82 percent of respondents, their organizations had a data breach involving sensitive or confidential information. Fifty-three percent say the data breaches had a moderate impact on reputation and brand image and 23 percent say it was significant.
Most organizations in the study have had a data breach involving the theft of sensitive or confidential business information. On average these types of breaches have occurred 2.9 times in surveyed organizations, with the theft or loss of confidential financial information having the most significant impact on reputation and brand.
Respondents strongly believe in understanding the root cause of the breach and protecting victims from identity theft. When asked what their organizations did following a breach to preserve or restore brand and reputation, the top three steps are: conduct investigations and forensics, work closely with law enforcement and protect those affected from potential harms such as identity theft.
The Ponemon study clearly shows that when data breaches occur, the collateral damage of a company’s brand and reputation become significant hard costs that must be factored into the total financial loss.