| The loss of sensitive data continues to be a signifi cant concern for both organizations as well as individuals whose information may be at risk of a breach. Organizations that experience a data breach can suffer reputational damage, loss of customer and constituent confi dence, legal and regulatory scrutiny, and the direct costs of managing an incident and complying with the legal requirements to notify customers that their private information has been breached.
If a data breach involves internal business information, the competitive damage to the organization can be severe. In the case of leakage of private customer information, this damage will be compounded by eroded customer trust and brand equity.
Data breaches represent a major category of organizational failures in the eyes of many individuals. Customers, constituents, and employees demand to have their personal information well protected and, in the event that sensitive data may have been exposed, require that they be notifi ed of such incidents. As a result, lawmakers and regulators have responded by passing laws to help identity theft victims and to require organizations to protect the security and confi dentiality of their customers’ and employees’ personal information.
Both organizations and individuals are acutely aware of the risk from the loss of sensitive information. One of the most nefarious consequences of a data breach is identity theft, a rapidly growing crime with devastating consequences to its victims. It still poses a major risk to the public as well as to the organization that mishandles private information with which it has been entrusted.
Since the consequences of identity theft are severe, a real concern arises even if only a small percentage of parties whose information was breached end up becoming victims. Moreover, any notifi cation of a data breach, even if it does not result in identity theft, will infl uence consumers’ behavior and confi dence and may lead to the termination of their relationship with the organization that mishandled their private and confi dential information. The consequence may be damage to an organization’s reputation as well as the opportunity cost of lost business. This loss of confi dence can also arise within the organization itself, since the loss of confi dence in the security of a particular system or data store can render it hesitant or unwilling to engage in new initiatives or ventures. |