While you might be tired of seeing sensationalist stories about new vulnerabilities and data breaches, the cyber liability firm Advisen reports that there's some good news to come out of the Home Depot data breach. Though the attack still cost the home improvement store tens of millions of dollars, Home Depot posted strong sales numbers in the third quarter of 2014 – even in the month it announced the breach.
What does this mean for IT consultants? It suggests that consumers weren't as bothered by Home Depot's data breach as analysts feared. Consumers returned to Home Depot, shopping there as they normally would despite the cyber attack.
Data breach fatigue has become something of a buzzword. It refers to the notion that consumers have grown used to data breaches and are no longer bothered by them. This fatigue is both good and bad. There are two sides to consider:
- It means a breached business's sales won't be affected as much.
- It means that consumers (and possibly businesses) will continue to underestimate their cyber risks.
As with any area of cyber liability, there are many issues involved. For now, let's focus on how a business's reputation can be affected by a breach and whether data breach fatigue really is good news for IT consultants and their clients.
How Much Is a Business's Reputation Damaged by a Breach?
Conventional wisdom says that after a data breach, a business's reputation will take a hit. This will manifest itself in lower sales, but there are other hidden costs as well.
To counteract the negative effects of a breach, businesses will usually hire PR firms and pour extra resources into marketing. Businesses will do what they can to "change the conversation" about their company so that consumers aren't associating it with the recent data breach.
Home Depot didn't lose sales, but it had to spend more in other areas like marketing. As a whole, the company's balance sheet was still significantly weakened by the data breach.
Fortunately for Home Depot, it had Cyber Liability Insurance to cover some of its data breach expenses. The company estimates that it will end up paying $34 million out of a total $55 million in costs related to the breach. Its insurance will cover roughly 40 percent of the data breach expenses.
IT Consultant Takeaways: Some Good News, Some Bad News about Data Breaches
It's extremely hard to quantify the exact cost of a data breach. While strong sales numbers encouraged Home Depot, executives weren't ready to declare victory against the data breach because cleanup and repair costs will continue well into the next quarter and beyond.
What does all this boil down to? As we do the post mortem on Home Depot's data breach, there's some good news and some bad. Let's take a look:
- Good news: The damages to a business's reputation might be less severe than feared.
- Bad news: Data breaches continue to be extremely expensive.
- Good news: If your clients have Cyber Liability Insurance, some of their losses will be covered.
- Bad news: Data breaches are still so expensive that clients may look to sue their IT contractor to make up for the damages.
While data breach fatigue may have lessened the cost of data breaches for retailers, an IT consultant's liability is more or less unchanged. The cost may be lower, but you could still face a lawsuit. If you'd like to learn more about lawsuit coverage for IT professionals, see our information on Technology Errors and Omissions Insurance.