GDPR has placed renewed focus on the issue of information security, and the potential impact and cost of a data breach on involved organisations.
Obviously, a data breach can have substantial financial consequences. Depending on the severity of the GDPR infringement, administrative fines can reach up to €20 million, or 4% of annual global turnover, whichever is higher. Plus, it also leaves you liable to pay damages to individuals or businesses as a result of the breach.
However, fines are not the only cost to a business; reputational damage can be devastating to long-term viability.
In this article, we’ll take a closer look at the wide-ranging costs that can be incurred in response to a data breach.
It is said that all PR is good PR, but it’s not always the case. Data security is intrinsically linked with an individual’s sense of personal safety, and any infringement of that will prompt a fiercely negative response from affected individuals. A business’ reputation can be destroyed by a data breach incident.
Trust is the foundation of customer loyalty. If that trust is compromised, your business may not be able to recover its former standing.
Loss of Revenue & Company Value
Reputational damage as a result of a GDPR breach will almost inevitably lead to a dip in sales. For service providers, such as lawyers or accountants, a breach can result in a loss of retainers or diminished customer loyalty. Larger corporations may find that their company value takes a hit.
In 2013 and 2014, Yahoo experienced several data breaches, which affected large swathes of customer accounts. At the time, they were in the process of being bought out by Verizon. After the breaches took place, Yahoo’s value was slashed by $300 million, which had a significant impact on its shareholders.
Even a giant like Yahoo is susceptible to the effects of a data breach. For smaller companies, this can be catastrophic.
The Pareto Principle
In business management theory, the Pareto Principle states that 80% of a company’s revenue comes from 20% of its customers. These tend to be long-term client relationships, allowing an organisation to take advantage of regular, repeat business.
If a data breach were to damage the trust of this crucial 20% of customers, which is feasible in such circumstances, it could jeopardise 80% of revenue. This can have a devastating impact on long-term business survival.
Small businesses are particularly vulnerable to the long-lasting negative effects of a GDPR breach. They tend to rely on referrals, recommendations, and word-of-mouth marketing. After a data breach, the reputational damage may prove insurmountable.
Don’t forget; if a customer has a positive experience, they will probably tell a handful of people. If they have a negative experience, they will tell everyone they can.
The true cost
Ultimately, the true cost of a data breach to your business may be the business itself. That’s why it’s important to be well-trained in the best practices to protect the personal data you handle.