A new study into the impact of a data breach makes explosive reading — especially when you discover the true cost of losing customer trust. However, with the right solutions, you can defuse the problem safely.
This new report will provide little comfort at a time when businesses are worried about complying with the General Data Protection Regulation (GDPR), PCI DSS rules on secure payments, and other data safeguarding requirements. Now we know the alarm over data breaches isn't hype: It's real.
The only way is up
The cost of data breaches is increasing - and more consumer records are being lost or stolen, year after year. That's according to the 2018 Cost of a Data Breach Study, from IBM Security and Ponemon Institute, which interviewed over 2,000 professionals at 477 companies that had experienced a data breach over the past 12 months.
In short, the statistics make grim reading and point to a worsening picture overall. Globally, the costs have risen by over 6%. At a national level, researchers estimate that the total cost of a data breach is £3.7m on average for UK companies and a staggering US £7.9m for American organisations.
While those numbers are dizzying, the report comes up with an average cost of £148 per lost record, which makes the figures easier to digest. So losing 20,000 records could translate into a budget-puncturing £296,000.
The story within the story
The calculations in the Ponemon report cover everything from the cost of detection and notification, through to business disruption and fines. But the correlation between costs and the number of lost customers is especially significant.
Organisations that lose less than 1% of their customers due to a data breach tend to experience an average total cost of £2.8m. But the figure shoots up to £6m for those that lose 4% or more of their customer base, demonstrating that widespread loss in trust has serious financial consequences. Put simply, customers notice a breach, some will decide to walk, and it's costly to win them back.
Companies in industries such as healthcare and financial services are more vulnerable to churn, as customers have higher expectations about the protection of their data.
Loyalty after a breach is especially hard to preserve for US and UK companies. When you combine the abnormal turnover of customers with increased customer acquisition activities, reputation losses, and diminished goodwill, then the average cost of lost business is dramatic ...
So am I next?
Unfortunately, if you've suffered one breach already, that doesn't make you immune from another. In fact, the likelihood of victims suffering another breach has increased, year on year.
The average global probability of a breach that involves a minimum of 1,000 lost or stolen records containing personal information has crept up to 27.9%. Follow this logic ... and more than one in four organisations will have to go through it all again within two years.
Perhaps the sad conclusion is that lessons haven't been learned? Perhaps companies failed to rethink how they protect their sensitive data in a fundamental way?
Can I avoid becoming a statistic?
In the year ahead, many companies will be worried about data breaches that mean they fall foul of GDPR, PCI DSS and other regulations. But it's possible to break the cycle of repeated breaches - and avoid them in the first place.
The report identifies the root issues of breaches as being malicious or criminal attacks, human errors or system glitches. But with a company like Eckoh, you can protect sensitive customer details within your contact centre environment.
You can stop information like cardholder data from being ransacked by hackers or rogue agents, leaked by clumsy employees, or being spilled onto the Internet because systems have gone wrong.
Eckoh provides a portfolio of solutions that can secure payments made over the phone to agents, payments via websites and apps, and payments made via new services, such as Live Pay. You can also prevent sensitive data from being plundered from IT systems and call recordings. In fact, there are even ways to stop sensitive cardholder details from entering your environment altogether, so there's nothing at risk ... at all.
So how's it done?
Discover more
Download your free copy of The definitive guide to PCI DSS compliance for contact centres. It's a jargon-free guide to compliance for forward-thinking organisations in an era when, potentially, any company taking card payments is at risk.
It's essential reading if you work in contact centre design, management or operations, as well as IT, sales, customer care, marketing or brand management. In fact, any senior decision-maker should arm themselves with these insights ... and fast.
 '2018 Cost of a Data Breach Study' - IBM Security and Ponemon Institute (figures have used estimates and only considered data breaches involving fewer than 100,000 records).