Do you know what the following people have in common?
Amy Pascal, Greg Steinhafel, Frank Blake, Richard Smith, Noel Biderman
All were CEOs of companies that lost their jobs following a data breach/hacking of their respective companies.
- Amy Pascal was CEO of Sony Pictures. The company settled a class action lawsuit for $15 million
- Greg Steinhafel was CEO of Target. They settled class action lawsuits for $50 million
- Frank Blake was CEO of Home Depot. The company paid $27.25 million to banks, $134 million to Visa, MC and more banks, $19 million in class action settlements
- Richard Smith was CEO of Equifax. Suits are still pending at time of publishing
- Noel Biderman was CEO of Ashley Madison. They paid $11.2 million to settle claims
The expense of dealing with a data breach can add up quickly. Take, for example, a hospital that experienced a breach of 40,000 records. The price tag was $450,000 for credit monitoring and ID Theft insurance, $175,000 in notification and call center expenses, $25,000 forensics costs and $90,000 in legal costs, and $500,000 in regulatory fines.
In another instance, a former hospital employee downloaded 102,000 patient records. The expenses amounted to $1.4 million in credit monitoring & call center, $500,000 in notification expenses, $500,000 legal expenses, $250,000 forensics, $1.5 million in legal expenses and $750,000 in regulatory fines.
Many companies were impacted by the Petya/NotPetya malware in 2017. Consider a full day without phones, six days without email, nearly two weeks without complete access to documents, and $700,000 in lost billings. That’s what happened when this malware hit a global law firm. What lessons did they learn? With ransomware, detection comes too late; everyone has a plan until you get punched in the face; no firm is immune. Globally the malware cost $1.5 billion, including companies such as FedEx which posted a $200 million loss and Maersk which posted a $300 million loss, to name just a few.
All companies are at risk regardless of size, industry, or location. How do you offset the staggering amounts that a cyber event can cost your company? Invest in risk management, cyber security, and cyber insurance.