researchHQ’s Key Takeaways:
- In today’s uncertain world, business resilience is less about returning to ‘normal’ and more to do with pivoting to maintain core principles in the face of turbulence.
- Organisations must position their processes and systems to be able to respond quickly and efficiently to worst-case scenarios.
- Under a tightening regulatory environment, a data breach risks exposure to severe financial repercussions which threaten organisations’ bottom line.
- Timely and transparent communication is critical to managing a company’s brand in the wake of a data breach.
Is your business resilient enough to weather the storm that is a data breach? Should the worst happen and you find your company’s confidential data exposed to prying eyes, do you have a robust incident response (IR) plan in place to help guide you?
A data breach can spur a company to action like few other events we can think of. It takes a good deal of forethought and planning to be able to manage the fallout, reassure customers that their privacy wasn’t compromised (and if it was, to outline the steps you’re taking to protect them), and so on. There’s a lot of adapting required, and that means the more resilient your business is, the better equipped you’ll be to come out the other side of a breach intact.
We’re going to break this expansive topic into three sections for today’s overview: what we mean when we say “business resiliency,” a sample of the business impacts a data breach can have on your company, and some concrete steps you can take today to begin developing the resilience your business needs.
Business Resiliency: A Definition
Resilience, resiliency, business resilience, personal resilience: the idea of resilience has taken hold in recent years, and it seems like everyone is talking about it. At the same time, we’ve noticed a diversity of opinions on just what the word “resilience” means. We take a broad view of the concept, borrowing from the psychological literature on the topic:
“Resiliency: An entity’s ability to pivot in order to maintain its core principles and values in the face of a dramatic turn of events.”
This definition leaves some things open to interpretation, and that’s part of why we like it. Is that entity a person? A corner store? A family? A multinational corporation? The definition applies to all of the above. For a business to fit this definition, its systems must be scalable and adaptable, and its processes flexible.
One more thing to point out about our working definition: the missing words “return to normal.” If there is one lesson businesses are learning during the global COVID-19 pandemic, it’s that the future is uncertain, and nobody can accurately predict what “normal” will look like in six months’ time, let alone six years’ time. For a business to consider itself truly resilient, it must recognize that uncertainty and structure its processes accordingly. This resiliency is the key to future-proofing your business for whatever the new normal looks like.
Business Impacts of a Data Breach
So what does all that talk about business resiliency have to do with data breaches? Only everything. An organization with flexible processes and agile systems in place will be better positioned to respond quickly and decisively should the worst-case scenario occur: customer data leaked into the wilds of the dark web.
We go into greater detail about the potential impacts to your business in an upcoming whitepaper, so look for that soon. In the meantime, we’re going to give you a sampling of some of the areas that tend to be hardest hit in the event of a breach: financials and brand reputation. As with any business topic, there will be overlap between these. However, there are enough differentiating factors that you’ll want to approach them separately.
Financial impacts of a data breach
To many, it will seem self-evident that the bottom line will take a hit with a breach. However, there are hidden costs that many overlook when laying out business continuity plans and data recovery schemes. For starters, if you are located or do business in a region covered by data protection legislation, you’ll be looking at potential fines and regulatory fees. The major global regulations (GDPR in the EU, CCPA in California, PIPEDA in Canada, and LGPD in Brazil, for example) all include hefty fines if a company is found to have been non-compliant. Note that the penalty is usually tied to non-compliance rather than to the breach itself: under the GDPR, for instance, a breach must be notified to the supervisory authority within 72 hours of becoming aware of it, and the largest fines are reserved for failures of that kind or for the absence of appropriate safeguards, with a ceiling of €20 million or 4% of worldwide annual turnover, whichever is higher.