This One Mistake Could Cost You Billions

Danielle Beurteaux

According Interbrand’s 2014 Best Global Brands list, the top two companies alone (out of 100) are worth in excess of $200 billion just in terms of brand value. A brand is a promise—no trust, and a brand’s worth takes a hit.Keys with red keychain in lock  close-up. --- Image by © Mike Watson/moodboard/Corbis

Last week, a hack of the federal government’s employee records hit the news. Some outlets further reported that even more information than was originally claimed had been hacked — as in every single social security number of employees past and present. (The hack was uncovered, ironically, during a demonstration of a security product).

There were also reports that Kapersky Lab, the Moscow-based tech security firm, just uncovered an attack which was possibly embedded in their systems for a year. Kapersky claims that neither they nor their customers were compromised.

We’re not trying to make anyone paranoid, but hacking has gone beyond the occasional attack to something we read about weekly, and at ever-increasing levels. And with the expansion of the Internet of Things, security is now an issue for companies that could previously ignore it. An example: a medical company producing a device that’s connected. If it’s connected, it’s hackable.

So think about this: Security flaws aren’t just about security, they’re also about brand reputation. A hack will cost you twice: once to get it fixed, and the second time in loss of trust. And that price tag can be so much bigger than the hacker’s loot.

Corporate boards are paying attention

According to a recent report, cyber security issues are discussed during most board meetings, and 70 percent of those surveyed are concerned about breaches via third-party software. And post-breach, not all fingers will be pointing at the head of IT—CEOs are now seen as responsible for company cyber security.

Legal stakes raised

The Department of Justice just released guidelines that cover the full pre- to post-breach response, and as these two experts write, these guidelines will be the steps against which cyber security is measured. Not conforming to this model could “leave companies that experience a breach open to new theories of liability and new claims of negligence.”

Cyber security experts needed

With more than 200,000 unfilled security positions and a 75 percent increase in jobs in the past five years alone, there aren’t enough cyber security experts to meet the need. Some colleges are rushing to get students on the training track.

Hire a hacker?

One of the problems of hiring hackers is the gray legal area in which they operate. There’s a proposal from the Department of Commerce on the table requiring licenses.

Or perhaps you’ll need to add a budget line item for bugs – like HackerOne in San Francisco, which acts as a link between ethical hackers and companies that want help with their security breaches. Facebook, Microsoft, Google and United Airlines have bounty programs in which they pay hackers who identify security flaws.

Want more insight on where business’s future opportunities – and challenges – lie? See Big Data, The Internet Of Things, And The Fourth V.

Danielle Beurteaux

About Danielle Beurteaux

Danielle Beurteaux is a New York–based writer who covers business, technology, and philanthropy. Her work has appeared in The New York Times and on Popular Mechanics, CNN, and Institutional Investor's Alpha, among other outlets.