Experian HQ in Nottingham
Image via Wikipedia

A Ponemon Institute and Experian survey of almost 850 executives reveals that on average it can take up to a year for an organisation to restores its reputation.

Reputations have always been difficult to value as they change with market demands, styles and presentation. This research is interesting as it does place a value on reputation and on the possible impacts of damage.

There is advice on what to do and whilst it is at a high level it is useful for those who only have a few seconds to think about the possible impact before they more on to their next meeting.

The survey reveals that the average loss in brand value ranges from $184 million to more than $330 million.

The minimum brand damage was a 12%, increasing to nearly a ¼ loss of their brand value in some instances.

“A solid reputation is a company’s greatest asset, and it is therefore imperative that business leaders take precautionary steps to protect themselves, their customers, their employees and their intellectual property against data breaches,” said Ozzie Fonseca, director at Experian Data Breach Resolution

“The way business protocols worked five years ago, even two years ago, has drastically changed, and we must prepare ourselves for the new threats to data and privacy. Data breaches are happening to all businesses, small, medium and large, and no industry is immune.”

43% of the companies surveyed had not instituted a data breach incident response plan prior to having a breach.

“The loss or theft of sensitive customer data, as our study quantifies, can have a serious impact on the economic value of a company’s reputation,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute

“We believe this study makes a powerful point about the importance of taking steps to reduce the likelihood of a data breach.”

Experian offers the following advice:

Create an incident plan so your organization is prepared to readily respond to a breach should it happen. Outline exactly what steps you will take if or when a breach occurs. Build your company’s response team in advance, including members with expertise in legal, public relations, compliance and risk management. Communication to consumers and government officials should be done simultaneously, so make sure to dedicate adequate resources in your company plan. Conduct data breach simulations and hold regular security training sessions with employees to review the company’s policies about data protection.

Be proactive instead of reactive. Start with prevention and assume that at some point you will experience a breach and not one that you are likely to discover until the damage has been done.

Here is what can be done now to help secure and protect the information your company is responsible for:

  • Segment sensitive data and restrict access
  • Wipe physical media and shred paper documents
  • Demagnetize external media and overwrite hard-drive data

If you do not have the internal resources or know-how to cover the likely aspects of fallout from a potential breach, call in a third-party specialist to partner with your company through the breach resolution process. Having an expert on hand can help expedite the resolution, limit legal liabilities and increase customer satisfaction. Being prepared before a security breach occurs can mean a big difference to both your company’s bottom line and its reputation.

For more information on Experian and their survey, click here. Survey conducted in October 2011 by the Ponemon Institute.

Businesses should always think about IT Security as an integral part of their business risk management processes because the odds are that a “cyber” incident will happen and are statistically more likely to happen that most other incidents.