Data leaks and data breaches can come from anywhere. Data leaks can occur when an employee mistakenly leaves an API key on Github, or when a third party gives the public access to your proprietary information due to a permissions issue, or when a user clicks on a phishing link and gives their personal information away.
With the increasing avenues of where a data leak can come from, it’s important to ask a few questions. Why is data leaking from that particular source? How can you prevent those data leaks? How can an organization quickly monitor and accelerate remediation on cyber risk? And finally what are the attitudes around data leaks from organizations to employees to the end-user?
Table of Contents
What Are Organizations Doing about Data Breaches?
If an organization’s data has been breached, it takes an organization around 287 days to identify and contain that breach (IBM). Flare has found millions of lines of text and data on anonymous sharing websites on a daily basis in addition to the 200,000 passwords and API keys that are published on Github and are not found for up to six months.
How can you remediate any digital risk if you’re not even aware your data is out of your environment? The issue, in this case, is not just remediation but is also the enforcement of timely identification and risk prioritization before the data has found itself in the hands of bad actors.
What Are the Effects of Data Breaches on the Stock Price of an Organization?
When a data breach occurs, companies pay to remediate the breach in a number of ways. However, as companies remediate their breaches the stock market always reflects the loss of business and consumer confidence. According to a study by Comparitech:
- Share prices of breached companies hit a low point of approximately 110 market days following a breach. Share prices fall -3.5% on average, and underperform the NASDAQ by -3.5%
- In the long term, breached companies underperformed the market. After one year, Share price fell -8.6% on average, and underperformed the NASDAQ by -8.6%. After two years, average share price fell -11.3%, and underperformed the NASDAQ by -11.9%. And after three years, average share price is down by -15.6% and down against the NASDAQ by -15.6%.
It is clear that in 2021 and 2022, the cost and prevalence of data leaks and data breaches are trending upwards and organizations must readjust and prepare for this new normal. Organizations are quickly realizing it’s no longer a question of if they will be breached or data leaked but when it will happen. Within the next five years, spending on cybersecurity is expected to reach a cumulative $1.75 trillion on products and services to protect their data and digital infrastructure.
How Do Data Breaches Affect Employees?
According to a Stanford study 88, % of all data leaks are caused by human error. However as mentioned in our article beforehand, most organizations don’t find out that they were breached for up to six months.
HP’s Wolf Security division conducted a study of 8,400 workers who moved from working from the office to working from home. 91% of those respondents said that they felt pressure to compromise security for business continuity, and 76% of the IT respondents said that security sometimes had to take a backseat to business continuity needs during the pandemic period. Due to the adoption of the work from home practices it is essential for companies to educate and support their new employees while adapting to this new normal, not only for their cybersecurity but also for their employees health.
When an employee does find out that they were the cause of a breach or if their company was breached there are consequences to their mental health . According to a Kasperksy report, 30% of employees who were involved in the aftermath of a security incident missed an important personal event, had to work overnight (32%), or suffered additional stressors (33%). A quarter of respondents said that they have canceled their vacations due to data breach issues (27%).
How Do Data Breaches Affect Users?
What is the general public’s attitude towards breaches and data leaks? Is the public just used to their data leaking?
With the rise of data leaks in 2021 & 2022, it seems hard for users to come out unscathed. Do they see their data being leaked time and time again as a necessary evil?
This begs another question: Does the public even know their data has leaked? The answer to that question is, in most cases, no.
In 2021, a research team from the University of Michigan (U-M) asked the participants of their study about actual data breaches that impacted them. The researches showed 413 people facts from up to three breaches that involved their personal information. The team from U-M, George Washington University, and Karlsruhe Institute of Technology found people were not aware of 74% of the breaches.
Additionally, the report also found that most of those breached blamed their own personal behaviors for the events with only 14% attributing the problem to external factors.
It seems that even though it is clear that data breaches affect a company’s stock price in the long and short run, most consumers and employees (who also have their data leaked) are not aware of the breach and how it could impact them.
This phenomenon could be explained by poor communication from organizations, a lack of digital risk protection software that assesses digital risk on an ongoing basis, and also as an absence in the willingness of consumers and employees to understand how data breaches could affect them personally.
However, when a user specifically does find out about the fact that their data was leaked through a breach the effects are clear and consequential.
According to a recent survey by the nonprofit Identity Theft Resource Center, “86% of victims of identity theft reported feeling worried, angry and frustrated. Nearly 70% felt they could not trust others and they felt unsafe. More than two-thirds reported feelings of powerlessness or helplessness. Sadness or depression afflicted 59%. Half of the victims reported losing interest in activities or hobbies they once enjoyed.”
It is clear that most individuals are not aware of if their data has been breached, if they are made aware of that fact they are affected negatively emotionally. Individual consumers do care about the rise of data breaches, however, they have a strong response especially when they find out that their data has leaked.
A Call to Action for Organizations
To better understand data breaches, companies must do a better job at firstly educating their own employees on how to prevent them. Secondly, companies must put in place a monitoring and alerting system for their digital footprint so that when there is a digital risk, companies can remediate the issue as soon as possible to avoid damage. Thirdly, if the business does find out data has leaked, they should build systems in place to properly educate and inform consumers. Lastly, consumers should improve their security practices and make sure that they practice good cybersecurity hygiene.
Data privacy is a topic that goes hand in hand when discussing data breaches and leaks. As consumers witness their data leaking due to employee error, or their own errors, consumers will hold companies and organizations accountable for improving the security apparatus of all organizations. In the end, data leaked that is of a consumer, of an employee or of an organization, in general, all need to be identified, prioritized and remediated as soon as possible.
Since we’re covering 2021 trends and 2022 predictions in our upcoming webinar (12th January 2022), we thought it’d be interesting to give you some context around consumer attitudes on data leakage. To hear more about our thoughts on AI, Dependency management and the future of data privacy and protection sign up for our webinar.
