Unraveling Cyber Chaos: Understanding the Costs of Cyber Attacks
Download MP3A lot of clients ask what the types of consequences that can come from a cyberattack for a business are. Well, here's a really good example: the Federal Trade Commission, which normally enforces and regulates these, is taking action against a company for failing to secure data and to notify customers after the breach.
So what happens is that anytime you have a cyber attack, ransomware, or some other type of data exfiltration, you have consequences that go beyond just the money. The government at the state level and the federal level will have regulations that you need to comply with. You have to notify consumers; maybe you have to purchase identity protection for them; maybe you have to pay some other type of fine or penalty. Most importantly, if they find that you failed to adequately secure the data in advance, you didn't have monitoring, or you didn't have the proper procedures or insurance, they're going to come in after the fact and cause consequences for your company.
So whether you're a large company or a small company, the rules are the same, and the after-event consequences can happen many, many years after the fact, and the penalties can be pretty high. How high? Well, let's take a look. According to the article, the violation for each order may result in a penalty of $50,000, and they can multiply that by the number of customer records that were breached. So be aware: the penalties can be very Draconian. You don't want to be in a place where you have very large consequences, whether regulatory or financial, and have no backup for them.
