There has been a disturbing trend in the number of data breaches in recent years.
Under the European GDPR, breach notifications are now mandatory. This means that organizations must notify data owners immediately if a data breach is deemed high risk. The way an organization responds to its customers during a data breach crisis is an important part of the recovery process. So, I would imagine that companies will need to have a crisis management plan in place, together with a trained customer service team ready to be mobilized immediately.
Organizations that fail to comply with GDPR can be fined up to 4% of annual global turnover or €20 million. On top of that, let’s not forget the other costs related to a data breach.
“On average, 67% of customers would cease to do business with a company if there were news about fraud or personal information theft” – Teleperformance CX Lab survey of 13 countries and 18 industries
The IBM Security Institute estimates that the average cost of a data breach in 2018 was almost $4m, up 6.4% on 2017. This includes the cost of time spent on rectifying the breach, technical investigations, legal and regulatory activities and the cost of lost business and reputation. The study found that one-third of the cost of “mega breaches” (over 1 million lost records) was derived from lost business.
In some cases a data breach can be the end of your company. The business magazine Inc published data suggesting that over 60% of small and medium companies go out of business in the six months after a data breach. Only large companies have the resources to ride out the reputational damage – but it can still be extremely costly and can take years to recover.
What’s even more disturbing is that it doesn’t cost much to commit cybercrime. According to Deloitte, attackers can execute a cyber attack for as little as $34 per month.
Privacy makes good business sense
Overall, the GDPR is an opportunity for organizations to ensure robust privacy and security practices, which consequently can bring long-term benefits in terms of customer trust and engagement.
Teleperformance (TP) recognizes the risks and concerns about data security and is committed to respecting privacy, safeguarding data, and enabling trust. Its security team was involved in GDPR from the moment it was proposed. They have a robust approach to protecting customer data and have been recognized through global awards. For example, its security policy implementation has been recognized by the International Association of Privacy Professionals (IAPP) through the prestigious 2017 global HPE-IAPP Privacy Innovation Award.
One of the topics that will be discussed at the next Teleperformance Leader Insights Forum in Barcelona is privacy and security, and how to avoid an ‘unsecure’ digital transformation process. Keynote speaker Bojana Bellamy is one of the world’s leading experts on global data privacy, cybersecurity, compliance and policy. I look forward to her insights.