In May, IBM and Ponemon Institute released a study on the cost of a data breach, and found startling statistics:
- Average cost per lost record is $217.
- Average total cost of a data breach is $6.5 million.
And, as if the one-two punch of monetary and reputation loss a data breach hits you with is not enough, the Federal Trade Commission (FTC) is now ready to pounce on you with a vicious (but much needed) body blow if you have poor cybersecurity.
For example, the FTC filed a complaint in 2012 against Wyndham Hotels for failure to protect the consumer information of more than 600,000 of its guests.
The result? The U.S. Court of Appeals has spoken: the FTC is given regulatory power to punish companies that do not act in accordance with safe data security practices.
The FTC’s Chairwoman, Edith Ramirez, issued this firm statement after the ruling:
“Today’s Third Circuit Court of Appeals decision reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data. It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”
How exactly the FTC intends to punish companies at this point is unclear. But, it could be anything from heavy fines to a probational period of intensive audits.
While some may feel that the FTC is kicking companies that are already down, it’s clear that more penalties are required for companies that do not make an effort to protect the private information of their consumers.
Are you protecting your customers?
While the fines and penalties for data breaches can easily cripple or even shut down a small to mid-sized business, some larger organizations can not only bear the brunt of a data breach, but shrug it off and resume business as usual.
And because they do not feel anything more than a prick from a data breach, they see no reason to work harder at securing their networks.
Some companies even think it’s cheaper and simpler to just get hacked, claim on insurance and move on.
These companies fail to see the impact that breaches have on their customer’s personal lives, who are at risk of having their personal details leaked. As seen in the recent Ashley Madison hack, in extreme cases, data breaches can affect individuals on a deep enough level to cause them to take their own lives.
Hopefully the penalties to be dealt out by the FTC will give companies the extra incentive they need to work hard at keeping their networks secure.