One year later: The influence of Equifax & other data breaches on corporate culture

The 2017 Equifax breach was a wakeup call, and cybersecurity has now become part of the conversation for every business.

The information exposed by data breaches, even one that happened a year ago, is still out there. This means that everyone is forever vulnerable.

These days, the risk and potential compromise of our personal information seems to be growing exponentially. Scammers, hackers, cybercriminals and identity thieves are constantly finding new ways to commit fraud.

Cybercrime is also the number one threat to companies around the world. Perhaps no incident is more notorious than the Equifax data breach of September 2017, which affected nearly 148 million people. Looking back one year and thousands of data breaches later, let’s examine how business exposure has changed.

Financial & legal implications

The Equifax data breach shone a light on the scale at which personal information can be compromised through just one security incident. Granted, Equifax’s compromise is more aligned with a mega breach, as approximately half of the U.S. adult population had their Social Security numbers, addresses, phone numbers, driver’s license numbers, email addresses, credit card numbers, and tax information stolen. Any combination of just two of these identifiers can be used to commit fraud, including synthetic identity theft, along with other criminal activities.


On the flip side, business leaders have gradually started to realize how financially devastating a cyberattack can be. Benchmark research sponsored and distributed in July 2018 by IBM Security and independently conducted by Ponemon Institute LLC found that the cost of a data breach in the U.S. averaged $7.91 million, higher than in any other country. This finding is based on a multitude of factors and costs, including the creation of contact databases, determination of all regulatory requirements, engagement of outside experts, postal expenditures, email bounce-backs, and inbound communication setups. Notification costs for organizations in the United States were the highest at $740,000. These unanticipated expenses can severely damage or potentially wipe out an operation.

Beyond the cost of notification, reputational damage, and customer attrition, businesses also have to worry about class action lawsuits as well as fines levied for non-compliance with data breach legislation. Due to the Equifax breach, Congress introduced the Data Breach Prevention and Compensation Act of 2018. This bill is still pending, but if it had been law at this time last year, Equifax would have been forced to pay $1.5 billion in reparations. All 50 states have enacted their own breach notification laws.

The impact on business operations

Even if it wasn’t your company’s data that was compromised, it doesn’t mean your operations can’t be impacted. Cybercriminals don’t discriminate who they go after. And, as breaches continue to happen daily, fraudsters are gaining access to an increased amount of personal data that can be used against us. In fact, one in three people who have their information exposed because of a data breach become a victim of an identity crime.

When it’s your employees or colleagues who are targeted, it triggers a ripple effect throughout your organization. The Identity Theft Resource Center’s (ITRC) Aftermath Study showed that nearly a quarter of identity fraud victims had to take time off work to resolve their issue. Additionally, 75 percent of those affected reported severe emotional distress. These factors combine to negatively impact the productivity of the individual and everyone they work with.

The information exposed by data breaches, even one that happened a year ago (or longer), is still out there. This means that everyone is forever vulnerable. There’s a real opportunity here for business leaders to lead the charge in protecting their sensitive corporate, customer, partner, and employee data – and it starts with employee benefits.

No company can fully protect itself against the myriad of cyberthreats and attack angles that we’re facing today. However, HR and Total Rewards leaders can step in today to help secure the Personally Identifiable Information (PII) of their employees.

Identity theft protection is one of the fastest growing employee benefits being offered, and the best solution to help employees safeguard their PII against data breaches. There were 16.7 million victims of identity theft last year – an increase of 4 million since 2014. Willis Towers Watson predicts that 63 percent of employers will offer ID theft protection by 2021. For benefits brokers and HR professionals, this easy-to-sell benefit fits perfectly into financial and mental wellness programs.

Alleviating corporate exposure

As more businesses witness the effects of data breaches every day, boardroom conversations around the topic of cybersecurity and corporate exposure have become commonplace. Beyond proactively offering identity theft protection, here are some recommendations on how companies can better protect sensitive personal and business information:

1. Invest in better cybersecurity: Only 65 percent of global firms have a cybersecurity expert on staff. Between the talent needed to test networks and systems, and having the proper software to detect threats, an investment in cybersecurity is an investment in the future of your business.

2. Train employees on security best practices: The number one source of data breaches is negligent employee behavior. That includes everything from leaving confidential notes unattended or computers unlocked, to falling for a phishing email. Instituting a training program to educate employees on best practices can help mitigate the internal risk of a data breach.

3. Stay up to date on the latest scams: As I mentioned earlier, the cyberthreats facing both businesses and consumers are constantly evolving. Be sure to monitor the latest scams, and weave them into your employee training program.

The September 2017 Equifax mega breach was a wakeup call for executives and leaders in cybersecurity everywhere, but now it’s become part of the conversation for every HR and employee benefits professional. We insure our health, dental, and even our lives – but the time has come to protect what matters most: our collective identities.


Dale Dabbs is the CEO and President of EZShield + IdentityForce. Dale is a recognized leader with a proven record of delivering measurable and significant revenue growth and shareholder value, as well as driving organizational change by building strong executive leadership teams.