Data breaches are quickly becoming one of the biggest threats faced by businesses. The sophistication and frequency of attacks and the volume of records compromised continue to escalate. Janet Napolitano, secretary of the Department of Homeland Security, recently testified that public and private computer systems face a dangerous combination of known and unknown vulnerabilities from which no industry, community, or individual is immune. Securing America’s Future: The Cybersecurity Act of 2012: Hearing Before the S. Comm. on Homeland Sec., 112th Cong. (2012).
A data breach can devastate a company by damaging its reputation and imposing significant direct costs, such as penalties, and indirect costs, such as lost customers and productivity. In 2012, data breaches affected companies across the country, including AOL, LinkedIn, Google, Zappos, and Massachusetts General Hospital. Data breaches also impacted non-profits, such as the Massachusetts eHealth Collaborative, a 35-person organization that spent over 600 employee-hours and $300,000 in fees to respond to the theft of a single laptop.
Almost every company maintains information that identifies customers or employees, such as Social Security numbers or credit-card data. As companies increasingly store personal information electronically, they simultaneously increase their vulnerability to security breaches. By planning in advance, companies can minimize both the risk of a data breach and the substantial costs and impact imposed if one occurs.