Cathay Pacific Breach Illustrates How Rising Tide of Security Breaches Takes Toll on Business
It’s starting to feel like there is now a major data security breach being revealed every other day. This week it was Cathay Pacific’s turn to reveal that the personal data of some 9.4 million customers had been compromised. Data involving passenger names, nationalities, dates of birth, telephone numbers, email, physical addresses, numbers for passports, identity cards and frequent-flier programs, and historical travel information were all affected along with several hundred credit card numbers.
As the rate at which these breaches continue to be discovered and disclosed the question that arises is to what degree do these lapses in cybersecurity ultimately impact a business. Obviously, the remediation costs associated with a breach of this magnitude will number in the millions. But a survey of 2,000 consumers with incomes between $25,000 and $500,000 conducted by PCI Pal, a provider of cybersecurity services for credit card transactions, also indicates the cost of these breaches to the business profoundly impacts future revenue. The survey finds 83 percent of consumers will stop spending with a business for several months in the immediate aftermath of a security breach or a hack. Over a fifth (21%) of consumers will never return to a brand or a business post-breach, the survey finds.
Even the perception of having lax security practices is having an impact. Almost half of the respondents (45%) reported that they spend less with brands they perceive to have insecure data practices, while over a quarter (26%) say they stop spending completely if they don’t trust a company with their data.
At the same time, politicians are increasingly seizing on cybersecurity as an issue their constituents increasingly appreciate. Many politicians around the world are now using the General Data Protection Rule (GDPR) put in place by the European Union to advance cybersecurity legislation. The combined impact of those efforts is to substantially increase the cost of a cybersecurity breach to the point where the board of any company now has a fiduciary responsibility to assess cybersecurity risks to the business. Naturally, the first step to accomplishing that goal is to appoint board members that understand cybersecurity risks to the business. Unfortunately, those individuals remain far and few in between.
Of course, the real issue might have very little to do with cybersecurity per se. All too often the root cause of most cybersecurity issue comes down to how data is being managed and governed. In the case of airlines, third-parties ranging from providers of IT services to suppliers of food services have access to all kinds of data. Each one represents a potential weakest cybersecurity link in the supply chain.
The silver lining in all this is that as the tangible cost of cybersecurity continues to rise more focus is being put into not just technology, but also the processes that are required to make an organization secure. Of course, so long as people are involved in those processes there may never be anything as perfect security. But the one thing that is apparent to even the most clueless of executives is that cybersecurity now represents a clear and present danger to the business. It’s just a shame that most of those executives have had to learn that lesson in the hardest of ways.