Publications

© 2014 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.

In 2013, reported data breaches reached an all-time high—at least 740 million records were compromised. Press Release, Online Trust Alliance (OTA), Online Trust Alliance Finds Data Breaches Spiked to Record Level in 2013; 89 Percent Could Have Been Prevented (Jan. 22, 2014). Businesses understandably are concerned because these breaches can be enormously costly. In 2012, for example, the average total organizational cost of a data breach to a U.S. company was over $5.4 million. Ponemon Inst., 2013 Cost of Data Breach Study: Global Analysis 5 (May 2013). Recent events illustrate that for large companies experiencing a major data breach, the loss may be much greater. According to the OTA, 40 percent of the largest data breaches to date occurred in 2013. OTA, 2014 Data Protection & Breach Readiness Guide 4 (Jan. 22, 2014). The recent data breach at Target Corp. offers a stark example: Some analysts estimate that Target’s breach may end up costing the company close to $1 billion. Smaller firms fare no better against breaches and have less ability to absorb losses. The cyber-security forecast for U.S. business is dark.

While no amount of planning or employee training can eliminate entirely the risk of a data breach, there are six steps businesses can take prior to a breach occurring that may lower the risk of loss significantly.