An unfortunate reality of the digital age is the fallout suffered by organizations in the wake of a data breach: civil damages when an actual injury can be demonstrated; statutory damages in certain circumstances; regulatory fines, particularly when health care information is involved; industry fines if payment card standards haven’t been followed; defense costs, regardless of the outcome of the litigation or administrative proceeding; notification costs when required and affected individuals can be identified. But after the costs have been incurred, the lawsuits have been dismissed or settled, and the websites are back up and running, an insidious effect can still remain—damage to the entity’s reputation.
An October 2013 survey by Harris Interactive for Experian provides evidence that post-breach reputational damage is far from hypothetical. The survey revealed that one in four U.S. adult consumers have received a notification letter advising them their account information has been compromised, and that fully 20 percent of those consumers cancelled their accounts. This study is no fluke.
