Many organisations still only react to data breaches when they hit the news. Why aren’t they doing more to stop breaches from happening in the first place?
Each time a breach happens, real people and real lives are often affected. Organisations do not always see that a data breach can have a huge psychological impact on the victims, causing lasting harm and financial losses, and can also cause huge financial loss to the organisations themselves.
Will the attitude toward data security ever change?
Modern-day technology often relies on the mass accumulation, storage and use of data, and it’s often personal data. In gathering as much information about us as possible to create digital profiles, businesses can target our likes, needs and wants far more easily in order to market their products and services to us, and thus make money.
However, in the frenzy of it all, some organisations aren’t taking the time to protect this information from being leaked, misused or stolen. Data protection laws and principles provide organisations with rules and obligations for protecting personal data, but too many organisations are reportedly flouting them in the rush for profits. This has arguably created a phenomenon where breaches are extremely common and organisations are constantly having to react to them rather than preventing them in the first place.
The reactions are often similar, usually some combination of the following:
- Apologise and shift the blame onto things like “advanced persistent attacks”, a technical issue or a rogue / negligent employee
- Say that the firm takes its consumer data “very seriously” (but not seriously enough to prevent the breach in the first place, we guess?)
- Offer one year’s worth of free security monitoring – a service that sounds nice but will be of no use when hackers actually start to use the stolen data after patiently sitting on it for 12 months…
So many organisations are reacting in ways that do not really acknowledge the impact the breach has on the victims, and some are continually failing to take the necessary steps required to actively protect them.
Prevention trumps reaction
By the time an organisation has to react to a data breach, these things may already have happened, or may be about to happen:
- Damage to reputation
- Damage to consumer trust and confidence
- Market shares falling
- Prospective consumers turning away
- Victims suffering damage
- Regulatory sanctions, including fines
- Compensation claims from victims
All of this could be prevented or heavily mitigated if an organisation properly invests in cybersecurity.
Businesses are of course motivated by money, but the chase for profits may result in an oversight when it comes to data protection. Ironically, not all businesses recognise the extreme financial costs associated with data breaches.