skip to main content
logo_fullcolour

How Much Will Your Cyber Breach Cost?

Do you know how much a cyber breach would cost your business?
 
For LinkedIn, it was at least $1.25 million.
 
Last month, the business-social networking site agreed to pay $1.25 million to settle a class-action lawsuit, stemming from a 2012 data breach.  The breach involved the passwords for 6.5 million LinkedIn users that were posted on a Russian hacker site.  The company had 160 million users at the time, but the settlement only applies to the 800,000 users who had paid for LinkedIn's premium services.  These users had argued that LinkedIn had deceived them about its security measures.
 
If you were a LinkedIn premium user between March 15, 2006 and June 7, 2012, and you are interested in the lawsuit, go to: https://www.linkedinclassactionsettlement.com/Home.aspx.  The website sets forth certain dates by which you must claim any payment to which you may be entitled.  It also includes information on excluding yourself from payment, but retaining your rights to sue LinkedIn on the claims in the case.
 
This settlement amount, after deducting for the users' attorneys’ fees, amounts to about $1 per user.  This may not seem like a significant amount for a business.  However, this is only the settlement amount.  It doesn’t take into account all of the other costs incurred as a result of this breach, such as LinkedIn’s attorneys’ fees and the costs of notifying all of the LinkedIn users of the breach, which state laws require every company to do.
 
The Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, issues a yearly assessment of the costs associated with data breaches.  In its 2014 “Cost of Data Breach Study,” it calculated the following costs for a data breach:
•         $3.5 million = Consolidated total cost of a data breach
•         $201 = Cost per compromised record
 
If you are wondering how you can minimize your liability and reduce the costs of a data breach, here are a few recommendations:
•         Add a Chief Information Security Officer:  The Ponemon Institute estimates that adding a CISO will reduce the costs of a data breach.  If you can't afford a full-time CISO, consider hiring a third-party consultant for these issues.
•         Verify Contracts with Third Parties: Some breaches occur via third parties—the Target breach occurred via a third-party HVAC contractor.  Review your contracts with these third parties to assess whether these third parties may be liable for the costs associated with any data breach.
•         Invest in Data Breach Insurance:  Contact your insurance agent to see if a data breach is covered by your policy and, if not, whether it might be worthwhile to invest in data breach insurance.
 
If you have questions about minimizing your liability for a data breach or about the costs associated with a data breach, contact a member of MacDonald Illig’s Emerging Technologies Practice Group.
 
Also, if you know of someone who might be interested in receiving these weekly updates, have that person contact vmadden@mijb.com.