A Business's Reputation Depends On How They Handle a Cyber Breach
It is over two weeks since news first broke of the biggest data breach in history, and the pressure continues to mount on Yahoo to disclose how much it already knew about the breach in 2014; did they intentionally delay disclosing the issue to a potential acquirer (Verizon)?
When they first publicly disclosed details of the attack (which resulted in the loss of data for 500 million users), Yahoo were at pains to say that they were the victims of a state-sponsored attack, although little supporting evidence was presented to suggest that this was indeed the case.
How to Handle Such a Breach?
This raises an interesting question regarding the reporting of such high profile breaches: do companies perceive that the public will have greater empathy and perhaps be less critical of a company if they have been the victim of a state-sponsored attack as opposed to a run-of-the-mill criminal? In fact, an increasing number of security experts are now suggesting that the massive breach was indeed carried out by criminals and not a nation state.
Recent reports have also suggested that the final number of records lost could be closer to 1 billion. Regardless of the final number, one of the main criticisms of this case is not necessarily how Yahoo lost the data two years ago (since, other than size, this was no better or worse than any number of publicised large data thefts), but more about why it took them so long to acknowledge it and the time it took to notify customers to take remedial action.
Large-scale data breaches will continue to be mainstream and it is important that companies continue to protect client data proportionately. However, as this recent case demonstrates, the integrity and reputation of a company will more likely be judged by the professionalism, honesty and openness in which a company responds.
It is yet another lesson for company board members, in preparation for the breaches that could one day happen to them.
Your free Global Geopolitical Dashboard
PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.
The Risk Portal gives users up-to-date information and analysis on global affairs.
The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.
Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.
Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.
Subscribe to our Cyber Bytes Newsletter
Keep yourself in the loop with PGI by signing up to our Weekly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.