People have no trouble walking away from a business when they feel that their personal information isn’t adequately protected. I’d be willing to bet that fewer people are getting double-doubles after learning of a certain company’s data practices with its app.

A recent report should be enough to keep executives up at night worrying about whether their company’s data is secure. The 2021 Cost of a Data Breach Report from IBM Security analyzed 537 data breaches across 17 countries and 17 industries. Some of the findings are alarming.

  • The average cost of a data breach rose to $4.24 million (USD), a 10% increase over the previous year and the largest single-year increase in the past 7 years.
  • In breaches where remote work was a factor, the average cost was $1.07 million higher than in breaches where it was not.
  • Companies that had not undertaken any pandemic-driven digital transformation incurred costs $750,000 higher than the global average.
  • Healthcare had the highest average breach cost of any industry, for the 11th year in a row.
  • Customer personal information (PII) was the most common type of record compromised, involved in 44% of breaches, at an average cost of $180 per record.
  • The average total cost of a ransomware attack was $4.62 million, excluding the ransom payment itself.
  • On average, it took 287 days to identify and contain a breach (212 days to detect it and a further 75 days to contain it).

Numbers like those, and the accompanying damage to a company’s brand, are understandably bringing about tectonic shifts in the business landscape. It is now standard practice, in both the private and public sectors, to include questions about privacy protection and data security on RFPs. A business without sound data security practices and programs in place will be denied cyber-insurance coverage, or will pay significantly more for it.

So, how do you protect your business from the costs, financial and reputational, that come with a data breach? Invest today in your privacy management and data security program:

  • Ensure that your entire management team is aware of, and compliant with, the rules that govern how a business handles personal information.
  • Develop and implement policies and procedures to protect clients’ personal information and the company’s proprietary information, and train your employees on them to ensure compliance.
  • Ensure that your business has appropriate safeguards in place to protect its data against loss, theft, unauthorized use, and disclosure. This means physical measures, technological tools, and organizational controls, not any one of them alone.
  • Conduct privacy impact assessments and risk assessments before adopting new technologies or launching new programs in which personal information will be collected, used, or disclosed.
  • Demand due diligence in every corporate transaction: before acquiring a business, confirm that it has complied with its privacy obligations and has appropriate data security measures in place.

Gone are the days when a business could ignore data security; clients, vendors, and insurers increasingly demand vigilance and documentation (if not outright audits) of formal mitigation procedures.

How are you going to sleep tonight?