A glance at the most recent headlines highlights the legal consequences enterprises face in the wake of data breaches. Your own business must consider cases such as these when factoring in the costs of a potential data breach. Remember, hackers are constantly looking for the low-hanging fruit and the easy target. It doesn’t matter what size your organization is or what industry you are in; if you have any connection to the internet, a hacker is considering whether or not to strike.
Moreover, a data breach can have consequences beyond just what hackers steal. Take a look at these cases.
Legal Consequences of Data Breaches in The News
Among the most recent headlines, we find Joe Sullivan, former CSO of Uber, charged with concealing the company’s 2016 data breach from federal investigators. According to the charges, Mr. Sullivan allegedly arranged to pay hackers $100,000 in hush money after they exposed the personal data of millions of customers.
Granted, this case is unique in that the CSO allegedly broke the law in order to keep the full extent of the breach out of the public eye. However, it still suggests some of the potential legal consequences of data breaches for businesses of all sizes. First, some cybersecurity experts posit that enterprises fail to report cyber attacks and data breaches to avoid the public fallout.
On the one hand, this line of thinking is understandable (although not acceptable). According to a critical study by Ping Identity, 81 percent of consumers would stop engaging with a brand online after a data breach. The long-term reputation damage can haunt a brand for years afterwards (somewhat demonstrated by the Uber breach).
However, concealing a data breach could lead to criminal charges, possibly resulting in jail time. Further, attempting to hide a data breach from sight can damage your reputation more than if you disclosed quickly and worked to remediate the problem. Accidents happen, but scandals stick in the minds of consumers.
Meanwhile, hotel group Marriott faces a class action lawsuit in London from millions of customers in the wake of its own data breach. The lawsuit stems partially from the theft of millions of credit cards and passport numbers as a result of the breach. However, it also partially stems from the breach continuing undetected from 2014 to 2018.
The legal consequences of the Marriott data breach class action lawsuit have yet to be determined, but they come in addition to various fines totaling in the millions. This breach illustrates again that without proper cybersecurity protocols and visibility in place, the damage of a breach can magnify. Moreover, as the damage increases, so too does the severity of the legal actions taken against your business.
Also, the Marriott breach demonstrates how difficult it can prove to maintain visibility over rapidly evolving infrastructures without a solution. Human expertise certainly matters, but without technology to support it, hackers can always outpace it.