data breaches are on the rise. Just recently we saw new reports confirming Yahoo! suffered another large, embarrassing breach (this time of more than one billion user accounts in August 2013). And the story continues to unfold around whether or not Russia breached United States cyber systems in hopes of influencing the 2016 presidential election. It seems like putting personal information in a website today feels a bit like getting into a car 50 years ago — with minimal seatbelts, no airbags and no testing, you just had to hope to avoid a crash.
In the same vein, we just have to hope to avoid a Data breach. Would we continue to go to a store that let strangers shop with our credit cards? Go to a psychiatrist who disclosed our confessed affairs in public? Work for a company that allowed anyone to access our confidential personnel records? Not a chance.
Yet, Target had 40 million customers’ credit card numbers stolen and put on sale online; Ashley Madison’s records on 37 million married users and their personal affairs were taken and published online; and the US Office of Personnel Management had all records on past, present and potential employees stolen.
The impact of these breaches is profound and lasting. Some users lost time and money protecting from theft their finances and their identity; others saw marriages dissolve and even committed suicide; and others may be subject to blackmail and exposure.
All were let down by the very organizations they had entrusted with their personal information.
Even worse, according to one study, 93 percent of data breaches could have been prevented. Systems are not always protected from known bugs; employees are not always trained to avoid phishing emails targeting their password. And when a breach does occur, steps were not taken to avoid harm, such as minimizing the amount of data stored and encrypting the data that was kept.
The resulting cost to organizations is significant; up to US$500 billion per year in costs for the organization, including a strong reputational effect.
