9 data breach lawsuits that made headlines
It may be impossible for a company to avoid a data breach entirely. But it’s very possible to stay off the list of the most expensive breaches in history.
Last year (2017) was an important year in cybersecurity for all the wrong reasons. We saw major breaches at firms like Equifax, more devious attacks like WannaCry that targeted hospitals, and a general rise in anxiety over cybersecurity.
In the midst of all that, several major stories flew under the radar. Most notable was Anthem’s $115 million settlement with victims of a 2015 data breach. This is the largest data breach lawsuit in history (thus far), and it highlights the deep financial toll of security lapses.
Almost every data breach is followed by a flurry of lawsuits. The size of the breach is not necessarily related to the size of the settlement, but the biggest breaches tend to be the most expensive. The combined cost of lawsuits, fines, notifications, and new security measures is substantial for any enterprise. Just consider these nine high-profile breaches and the final cost:
- The Home Depot – $56 Million
- Sony Pictures Entertainment – $100 Million
- Heartland Payment Systems – $140 Million
- TJ Maxx – $162 Million
- Target – $162 Million
- Sony PlayStation – $171 Million
- Hannaford Bros – $252 Million
- Veterans Administration – $500 Million
- Epsilon – $4 Billion
Those figures might seem astronomical, but they’re on par with the industry. IBM estimates the average data breach costs $4 million, which is up 29% since just 2013. The average cost of each record lost is $158, but in industries like healthcare, it’s as high as $355 per record.
Most of the organizations on the list above are still in business, but all of them were hurt financially. The financial consequences of a data breach are enough to sink many companies. Luckily, there are distinct steps companies can take to lower the cost of a breach.
- Create an Incident Response Team – Having the right plans, people, and resources in place early expedites the response. When threats are identified and removed ASAP, they have less opportunity to steal huge repositories of data.
- Use Encryption Extensively – Even if the information is stolen, some or all of it is inaccessible to the thieves. Companies may still experience financial consequences, but lawsuits and fines are less likely.
- Train Employees – Staff is either the company’s strongest defense or its biggest weakness. Making cybersecurity training an ongoing investment helps employees to spot red flags and avoid many accidental breaches.
- Appoint a CSO – A systematic approach to cybersecurity is the only way to deflect and mitigate threats over the long term. Appointing an executive to oversee this process ensures that it remains a priority.
- Invest in Coverage – Cyber coverage insurance kicks in when other preventative measures can’t. The right policies and coverage options apply to legal, regulatory, technical, and other expenses. Since all companies are at risk of an intentional cyberattack or an accidental data breach, cyber insurance is quickly becoming a standard safeguard.
It may be impossible for a company to avoid cyber incidents entirely. But it’s very possible to stay off the list of the most expensive breaches in history. It starts by knowing the risk, continues with the right preparation, and concludes with fail-safes like specialized insurance. A comprehensive approach ensures that technical mistakes don’t lead to financial ruin.