Anthem Can Survive a Data Breach, But Can Your Business Survive?
In early February 2015, Anthem, Inc., the second largest health insurance company in the U.S., announced that its computer systems had been breached. Hackers broke into a database containing information on 80 million customers. They stole large amounts of personal information, including names, birthdays, Social Security and medical ID numbers, street and email addresses, employment records, and even income data.
Anthem responded by notifying the Federal Bureau of Investigation and informing present and former customers of the intrusion. The company also promised to provide credit monitoring and identity protection services to those affected.
Anthem is a huge corporation that earned $2.6 billion in profits in 2014 on $73.9 billion in revenues. It can absorb an event like this and continue operating. Would your business survive a similar event?
Data breaches are becoming more frequent, and the hackers do not limit their targets to Fortune 500 companies. According to the Identity Theft Resource Center, there were 783 data breaches reported in the U.S. in 2014, a new record. Many others went unreported. One of the largest breaches in history hit the retail chain Target in 2013; the hackers accessed Target’s systems by hacking into the network of a heating, ventilating and air conditioning contractor in Pennsylvania. The contractor had credentials for logging into Target’s systems.
Target’s estimated losses from the intrusion exceeded $400 million. While the Ponemon Institute has reported that the average cost of a data breach in 2013 was a much lower $3.5 million, that amount is still beyond the means of all but the largest businesses. Some of the costs a business will face after a data breach are:
- Notifying hundreds or thousands of past and present customers that their information has been compromised.
- Providing credit monitoring and identity protection services to the affected customers as partial restitution.
- If a breach is especially severe, it could cause the business to shut down temporarily
- Financial and information assets stolen by the hackers.
- Lawsuits from individuals who suffer damage because of the breach. More than 90 lawsuits were filed against Target in the first months after its breach. A class action suit is scheduled for trial in 2016.
- Fines and penalties assessed by regulators. Two New York City health care organizations paid $4.8 million in 2014 to the federal government for failing to secure thousands of patients’ electronic health records.
- Damaged reputations and lost customers. The average number of customers a business loses after a breach is rising; Ponemon reported that the average jumped 15 percent in 2013.
Few businesses can recover from the blow dealt by a data breach. Business owners should implement tough computer security measures and plans for dealing with a breach should one occur. They should also consider purchasing cyber risk insurance. These policies cover a variety of losses that result from network intrusions. A professional insurance agent can provide information about the coverage various policies offer and their cost.
Ponemon estimates that the average company has a 19 percent chance of suffering from a data breach involving 10,000 records or more over the next two years. If your business is to survive, now is the time to prepare.