Managing Cyber Risks: Costs of Data Breach
Costs. High costs. The greatest challenge corporate legal departments face in managing cyber issues in 2019 may be paying for them.
Every general counsel must prepare the legal department’s annual spend. Routine and recurring expenses are easy to identify. Unplanned events may be the more expensive ones for corporate legal departments.
I recall a time when the Russian legislature passed its budget and included a provision in the tax code that retroactively required corporations to pay employment taxes for its independent contractors. Consequently, the company suddenly owed many millions of dollars in unplanned taxes. Not only did the company face additional direct financial exposure with the regulating agency, but the company also encountered new indirect legal costs that were difficult to foresee. The Russian market was and continues to be high-risk in terms of legal exposure.
Tasked with the charge to eliminate the problem, I had to develop a strategy to reverse the impact of the new law and seek approval for new funds to cover the cost of that effort. I essentially had to be a response team of one lawyer who could identify and develop workable solutions the company was willing to pay for.
Just as the Russian market is uncertain, so is the ongoing security of a company’s data. Data breaches are, no doubt, unplanned events that all lawyers dread. A leading cyber executive I know reminds us that there are two kinds of CEOs: one that knows his company’s data has been breached and one who doesn’t.
Do you have the in-house expertise to manage the many legal issues associated with a data breach? Are you capable of leading or serving on an incident response team? Does the company have an incident response team? Are you the general counsel or chief compliance officer who knows or is yet to find out?
When the answers are “no”, costs soar. Direct and indirect. We learned a few important conclusions from The Ponemon Institute’s 2018 Cost of a Data Breach Study: Global Overview. Recognizing that the average total cost of a data breach is $3.9 million, or $148 per record, it’s safe to assume that the legal costs of data breaches are significant. Firms that use an incident response team can reduce the cost of the data breach to $134, or $14 per record, which suggests that legal costs can also be reduced.
How do you assess your company’s risk for a data breach? Ignyte can assess your risk before you’re in rapid response mode. See ignyte1stg.wpengine.com to take your first step.