The Catastrophic Risks of Getting Data Security Wrong

October 21, 2021

By Fei Zou

Unsplash

Getting data security right is not cheap. Getting it wrong is exorbitant. The average annual cost of a data security breach for a company that misuses or loses data is $4.24 million according to a recent IBM security survey, nearly 10 percent higher than it was before the pandemic. And that's just the initial price tag. The true costs of lax security cut even deeper. A staggering 60 percent of small and medium size businesses go out of business within 6 months of a massive data breach.

And yet, if your company uses, collects, stores, or relies on first-party data (and what successful business these days doesn't?), you face all kinds of data-related risks that can make that $4.24 million seem like a rounding error.

Here's a rundown of less considered data security risks — and what they could mean for you and your business:

"Use" risk


Your company is not just on the hook to secure data from being stolen — you also need to ensure it is used properly, ie. exclusively for the permitted applications laid out in the contract. The EU's GDPR and California's CCPA privacy laws — these are real regulations with teeth. If someone in your company (or one of your partners) misuses your data, you're on the hook. And if your company is fined 4 percent of the enterprise topline for basic but honest data misuse, it could bankrupt the whole enterprise.

Reputation risk

A data snafu at scale is a PR disaster. It erodes consumer trust in your brand and customers' trust in your relationship. It's also a financial disaster. A recent PwC report found that 69 percent of consumers believe that the companies they use are vulnerable to being hacked and 87 percent of consumers are even willing to walk away if a data breach occurs. And that doesn't even consider what you'll need to spend on marketing, PR, and branding to rebuild a damaged reputation.

Regulatory risk. Data misuse can open you up to a whole new universe of penalties, fines, sanctions, and legal costs, which can be enormous and go on for years. You could easily spend billions of dollars settling your case — just ask Facebook.

Short-term revenue risk


This is where the rubber meets the road. Once you have a security situation, current business customers could shut off deals. Either that or you'll spend countless hours (or worse, months) documenting your processes and reassuring them their data and reputation are safe. And a data security issue that leads to a court action or some regulatory action, gives all your business customers an out on their contracts. Which leads to this next one...

Business model risk


If the world decides that they just can't afford to do things the way you're doing them, you'll have to change your whole model. It may not even be about your brand personally, but if folks aren't using your product or your data you may have to shut down or change your business model entirely, or both (we're looking at you Ashley Madison), which could mean you suffer an extraordinary loss.

Market access risk


Once you're caught in a security disaster, you can be labeled as a business risk in an ecosystem, our country, or region. And that freezes you out of a marketplace.

Operational risk


Security snafus are a time suck. The realities of all the time and suffering a security problem demands, especially the attention of key people in the organization, can be a massive setback. Plus, who wants to work for a company that's mired in security hell? Suddenly you can't attract or retain the most mobile and most marginally valuable talent.

Valuation risk


If you can't secure your data, you won't be able to do all the good things like growth, innovation, and expand new revenue streams that come with the secure application of data. Private and public capital are both allergic to the risks that come with poor data security.

And that's perhaps the biggest risk of all.

Managing all this risk isn't easy, largely because there are so many stakeholders. You've got network and cloud data that your IT and security teams worry about defending. You've got your reputation, which keeps your CMO up at night. You've got business model risks, and maybe your CRO and CEO worry about that — plus your valuation risk. Meanwhile your legal team and COO are worried about operational risks. And so on. Nobody's got their eye on the full picture.

But there is one way to start to mitigate all these risks: Does your full technology stack prevent risk from even being created, or does it just give you the tools to clean up better after a breach or violation? You owe it to yourself to ask now before it all becomes something even bigger: An existential threat to your survival.


Fei Zou is the CEO at Helios Data.


The views and opinions expressed in Marketing Maestros are solely those of the contributor and do not necessarily reflect the official position of the ANA or imply endorsement from the ANA.


You must be logged in to submit a comment.