As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Rob Price, the Principal Solutions Consultant at Snow Software, shares some expert insights on how to protect your company against the consequences involved in data loss.
Data loss is one of the worst things that can happen to any organization. While losing data from one day’s worth of work may be only a minimal inconvenience, an unrecoverable data loss within billing or R&D systems can be catastrophic.
According to the Ponemon Institute’s 2021 Data Breach Report, a data breach in the U.S. cost an average of $4.24 million in 2021, a 10% increase from the average cost in 2019 at $3.86 million. This type of financial hit is challenging to recover from. While there’s no silver bullet within technology that can help organizations avoid data loss, understanding the types of data within your organization and the value and sensitivity of that data is critical.
For IT leaders, understanding the appropriate measures to put in place to ensure data is both secure and recoverable can keep their organizations from leaking intellectual property, employee data, or other personal data.
The Five Key Consequences of Data Loss
There are five typical negative consequences of data loss: productivity disruption, reputation damage, exposure of confidential information, loss of customer loyalty, and permanent business failure. Let’s take a closer look at each of these consequences of data loss and discuss how data protection and availability can help prevent these risks.
1. Productivity disruption
Productivity is the first thing to suffer when your organization loses its data, whether it’s from an unplanned network outage, hardware or software failure, or a malicious cyber-attack. Lost files may take hours, or even days, to recover, leading to staff downtime and lost sales. According to the Strategic Resource Institute, companies that cannot resume normal operations within 10 days of a data loss incident likely will not survive.
2. Reputation damage
In the digital age, news travels fast. If your company can’t serve its clients or ends up in the headlines due to a data loss incident, the negative publicity can permanently damage your business’s reputation. Some organizations spend hundreds of thousands of dollars repairing their brand after a data loss event. Facebook, for example, has faced several data breaches. Most notable was the loss of over 500 million users’ data in 2021, which exposed phone numbers, email addresses, locations, and biographical information. Leaks such as this will decrease user trust and cause many users to delete their accounts.
3. Exposure of confidential information
When data is lost from negligence or theft, it can result in the exposure of sensitive and confidential information. Many data privacy laws carry hefty fines that can be issued when customer data or employee records are compromised, and these fines can add up quickly. For example, the CCPA, one of the strongest consumer protection data laws in the U.S., has multiple levels of fines depending on violation type—“intentional violations” specifically carry a fine of $7,500 per record. These financial consequences are compounded if affected individuals decide to take legal action against your business.
4. Loss of customer loyalty
Customer loyalty is also tarnished after a data loss event, especially if client data is compromised. If current customers can’t trust your company to protect their data, they may take their business elsewhere. For example, 83% of U.S. consumers claim to stop spending at a company for several months immediately after a security breach. Over a fifth claim they’ll never return to a business post-breach. And once the word spreads, it may be an uphill battle to find new clients.
5. Permanent business failure
Data loss also has several economic and non-financial impacts on your company. The worst possible outcome is permanent business failure. Each year, a handful of organizations—companies like Code Spaces, The Heritage Company, and Wood Ranch Medical, to name a few—must close their doors following a major data loss event. When the financial impact and hidden costs of data loss combine, they create a perfect storm that may be impossible to recover from.
How to Protect Company Data
Data is the lifeblood of every organization, and it is impossible to operate your business without it. The most significant mistake organizations make regarding data governance is ignoring data’s value. It is crucial to understand what types of data your organization works with, as well as its value and level of sensitivity. When you know these factors, you can then implement appropriate measures to ensure this data is secure and recoverable (in a timely manner to minimize business disruption), thus avoiding leaking intellectual property or personal data.
There are a couple of processes every organization should have in place, at minimum, to enable data recovery and help prevent data loss in the first place:
- Enact a data classification policy that is recognized and followed as a core part of day-to-day business activities. At Snow Software, we like to say, “you can’t protect what you can’t see.” This especially matters at the micro-level of the data. Just as you would hold a detailed inventory of the software in use across your organization, you should also keep an inventory of your data. The essential questions to ask when classifying data are what the full scope and reasoning for maintaining it are and, just as importantly, how long you are required to hold it. Data past its ‘sell-by date’ moves from a digital asset to a digital liability.
- Have a clear business continuity and disaster recovery plan in place should a data loss occur. This plan should be practiced and well distributed, with every stakeholder well-informed of their primary and secondary roles if the plan is enacted. The Recovery Time Objective (how long it can take to recover the data) and Recovery Point Objective (how old the data can be) should be understood for each type of data within the classification policy. Sufficient technology should be in place to support those objectives.
It’s important to remember that not all data is created equal; attempting to protect all your data at the same level quickly becomes cost-prohibitive, leading to potential risks for your business. While no plan is 100% foolproof, putting steps in place to protect your data, such as implementing a disaster recovery plan, will ensure your business is better prepared to weather potential threats and challenges if a data breach does happen.
- How to Protect Your Company from the Five Consequences of Data Loss - January 19, 2022