Recent headline-grabbing data breaches have highlighted the profound cost impacts awaiting businesses that fail to ensure adequate security of personal data.
Accounting software company Sage saw its share price open 4% lower in the immediate aftermath of revelations that almost 300 UK company records were compromised, including employee bank details and salary information.
It was disclosed that the breach, which affected Sage UK Payroll Services, was carried out by an employee.
Earlier this year, telecoms operator TalkTalk announced that the cyber-attacks it suffered in October 2015 had, it transpired, been much less directly damaging than originally feared, with the breach only affecting 4% of its customers, none of whom suffered any financial loss as a consequence.
However, TalkTalk management has now revealed total losses of more than £60m to the business, following three separate breaches, as a result of reputational damage, plus widespread customer dissatisfaction with the way the company handled the incident.
In addition, the company reported a net loss of more than 100,000 customers since the affair.
Companies are under increasing commercial pressure to ensure adequate systems are in place to guarantee the security of personal data as the EU GDPR, due in May 2018, approaches.
Costs incurred through reputational damage, as seen in the cases of TalkTalk and Sage, directly impact upon areas such as customer retention and shareholder value.
On top of this, companies failing to comply with GDPR also face fines of up to €20m or 4% of turnover, whichever is the higher.