Yahoo!’s announcement late last year that it had been victimized by not one but two separate data breaches was the Gettysburg of corporate cyber attacks – the biggest battle yet waged. The first attack, which occurred in 2014, impacted more than 500 million Yahoo! user accounts, while the second assault, in August 2013, was nearly twice as malevolent.
As with the Union Army at Gettysburg, Yahoo! was fortunate to prevail. Next time, it may not be so lucky.
The two attacks, the largest known security breaches of one company’s computer network, triggered several class action lawsuits against the tech giant. They also put Verizon’s $4.83 billion pending acquisition of Yahoo! in jeopardy. Yahoo!’s hacking episode was just the latest in a Murderers’ Row of cyber attacks on mega brands such as Home Depot, Sony, and Target. Despite the untold damage and dislocation caused by cybercrime, some companies inexplicably choose to ignore the threat.
Certain corporate boards and C-level executives think that because their company owns cyber insurance they don’t need to worry, observes Donald Good, Director of Global Legal Technology Solutions at Navigant. “Instead, they should be planning and thinking about the repercussions of a cyber breach and how it will hurt their bottom line,” Good recommends.
Good stresses that corporate leaders need to strengthen their organization’s cybersecurity. “It starts at the top and goes down from there and that’s where we’ve seen companies be successful,” he says. “There needs to be a balance among the right people, the right technology, and the right processes in place.”
Companies that lack a creditable cybersecurity strategy are playing a game of Russian roulette. According to Juniper Research, cybercrime will cost businesses $2.1 trillion globally by 2019, quadrupling the estimated cost of breaches in 2015. The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected.
It’s also important to note that by 2020 cyber losses will amount to far more than data – they are sure to include financial, health, safety, and security information. We are rapidly entering the age where free credit reporting as a consumer-facing recovery strategy will do more harm to brands than good.
To be sure, large and publicly traded companies are getting better at recognizing the cybersecurity threat and how to inoculate their data systems from a computer breach. But some boards still are too quick to relegate the issue to the IT department and fail to appreciate that cyber attacks represent a risk that could decimate the entire company.
“Is the CEO and the board committed to cybersecurity or is it just another line item that will get funded, but without the personal leadership that’s required?” asks Jim Trainor, senior VP for Aon Risk Solutions and former assistant director for the cyber division at the Federal Bureau of Investigation (FBI).
When it comes to cyber security, there’s now an onus on boards and C-suite executives to establish accountability and delineate clear lines of communication.