Anthem paid out $115 million in 2017 to settle a number of class action lawsuits brought by victims of a data breach. That sum is the highest in history, but it’s hardly the only astronomical figure like this. Litigation regularly leads to multi-million dollar penalties.
The figures are only going to climb in the coming years. The frequency and scale of data breaches are both on the rise. So are consumer resentment and regulatory oversight. That creates a perfect storm for businesses large and small. Unfortunately, we can expect to see more data breach lawsuits and steadily larger settlements.
At this point, companies must consider cybersecurity to be a mission-critical concern. No company can sustain nine-figure settlements, and for many companies, even a small settlement would mean disaster. That makes it essential for all businesses to avoid data breaches and the consequences of lawsuits.
Rely on these strategies to bring down risk and liability:
Practice for a Real Data Breach
Preventing a data breach is the first priority, but limiting the damage also limits the number of plaintiffs. The best way for companies to catch breaches faster and limit the exposed information is through planning. That includes comprehensive cybersecurity training and education for all members of staff. It also includes data breach simulations that allow for hands-on training. If and when a real breach occurs, well-prepared staff can respond swiftly and capably.
Make Careful Public Comments
When company officials make announcements about data breaches, they must pick their words carefully. The wrong claims or promises could later be used by plaintiffs in court. Disclosing the data breach is mandatory, but comments should be carefully crafted in advance. In addition to an IT response team, companies should have a disaster PR team in place.
Own the Mistake Early
Data breach settlements are typically calculated based on the number of victims and the scope of the damage. Part of the calculation is how long it took the offending company to announce the data breach. Waiting too long exposes companies to potentially much larger settlements, yet the evasion gains them nothing. It is in a company's best interest to be honest and forthcoming with the public as soon as the issue is detected.
Rely on Cyber Coverage
Cybersecurity is all about risk management. Companies must reduce the risk of cyber attacks but also acknowledge they are likely, even inevitable. Realistically, companies may not be able to avoid data breach lawsuits or other expensive penalties entirely. That is where cyber coverage kicks in. It provides financial, legal, technical, and other resources to help companies resolve data breaches. The right cybersecurity insurance policy is the difference between a financial penalty and a financial disaster.
Focus on Vendors
A smart way to avoid more threats is to focus on third-party cybersecurity. Relationships between a company and a vendor, supplier, partner or other business associate create links between their IT networks. That means gaps in a vendor’s security measures could send threats into another network. In the event of a lawsuit, vendors may bear some responsibility. The better strategy, however, is to only work with vendors with acceptable levels of cybersecurity.
Cybersecurity is easy to ignore. But after an incident, it’s impossible to think about anything else. Don’t let your company be the next one blindsided by a cyber attack and years of fallout afterward. Take steps now to protect your future.