One of the first calls companies make when they learn about a security issue is to their outside counsel – sometimes referred to as a “breach coach.” Phone calls and subsequent legal counsel these coaches provide are invaluable when it comes to navigating the breach response process, mitigating risk, and (hopefully) avoiding regulatory scrutiny and fines.
But sometimes this critical counsel during the response process is just the start of the legal fees that companies may incur.
No matter the circumstances of a data breach or the steps taken to manage it, the company may be pursued by a variety of parties including the US government, consumers, shareholders, vendors, business partners and customers.
Typically, court cases can take an average of three to five years, and the costs associated with a lawsuit can come from several different areas and can add up quickly. Types of incurred costs include attorney, court, copy and deposition fees as well as expenses related to pertinent records and court reporters.
So, what does that mean in real, financial terms? Take Target’s litigation costs following its breach as an example:
This blog is part two of our Breach 101: Cost of Non-Compliance blog series.
If a company does not protect consumers’ information from a data breach, legal action can be taken to correct the damages. However, lawsuits may take years to complete and there is no guarantee of how much compensation customers will receive.
In the case of the 2013 Target data breach, the company settled class action lawsuits with customers for $10 million, a sum that is small in comparison to the over 100 million customers whose financial or personal information was exposed. However, to help protect yourself from getting to the point of litigation, it is important to monitor your financial records and alert companies that have your financial or personal information if you feel something seems suspicious.
Companies that invest in fortifying their cyber security not only limit the scope of a hack, but can also have a more defensible position should a lawsuit arise. Choosing the right security partners can help you not only prevent a breach, but also understand the full impact of the data lost or compromised, ensure a timely and effective response, and demonstrate commitment to doing the right thing and taking security seriously. Then, even if you are fighting a legal battle in the courtroom, you may be able to maintain or even build confidence in the court of public opinion.
Recent Blog Entries
Social MediaTweets by 4iQDelveDeep