

In 2016 and 2017, Home Depot settled lawsuits of $19.5 million after its breach. In June 2017, Anthem agreed to pay $115 million to settle lawsuits stemming from a 2015 breach. The numbers indicate that data breach settlements are rising.


The Factors Driving a Rise in Settlements

There are a few factors driving the rising cost of data breach settlements:

  • The class sizes of persons affected by data breaches are increasing. The more customer information involved in a breach, the higher the cost (including any settlement) typically is. One reason for this growth is the growing amount of data now held online. Organizations are storing a tremendous amount of data about their customers.
  • As data breaches have become larger, so has the number of parties seeking some type of redress for those breaches. A company that has suffered a breach of its customer information must now face not only class action lawsuits from those customers but also lawsuits from financial institutions looking to recoup costs. In addition, federal and local government offices can initiate investigations and enforcement actions.


Mitigating Settlement Cost After a Breach

Avoiding the high cost of a settlement means avoiding the breach in the first place. However, that’s not very likely today as the prevailing wisdom seems to be it’s not if, but when, in terms of data breaches. So, what steps can organizations take to reduce the chance of a breach – and potentially reduce the cost of a settlement after a breach?

Remember the basics of data security. Regular security assessments, the use of encryption, penetration testing, vulnerability patching, threat detection monitoring, and employee training regarding phishing scams are activities that should be part of an organization’s security efforts.

Review the data you hold. As we mentioned earlier, the amount of customer data impacted in a breach contributes to the size of a settlement. Organizations should re-examine the information they request (and store) from customers and assess whether all of it is necessary. Periodic data inventories should also be conducted to assess whether data can be purged or moved to offline storage.

Document your security policies and procedures. If you are breached, it will help if you can document the steps you take to ensure data security. In some cases, actions can occur due to a lack of proper protections, even when there is no evidence of identity theft. For example, Wellpoint paid $1.7 million to settle an action due to a lack of policies/procedures to authorize database access and a lack of safeguards to verify authorized users.

Minimize data breach lag time. We discussed in an earlier blog post why data breach lag time – the time between when a breach occurs and when it’s detected – is such a crucial factor in terms of breach impact. Lag times can impact settlement cost too, as the more customer records impacted, the higher the cost to settle. Minimize lag time with user monitoring software to protect against insider threats. Use threat hunting to search through your network to detect and isolate advanced threats that evade existing security.

Do the right thing by customers. Prompt and detailed communication after a breach, quick efforts to mitigate damage (by proactively resetting passwords, for example), and offering free credit monitoring services are all steps that may help to reduce customer disgruntlement and the possibility of a lawsuit.
