Organizations Aren’t Worried About Data Security — Only Their Reputations

Many cloud discussions center around data security. When infrastructure is out of corporate control, it’s natural to be concerned about the precautions taken to protect vital information assets. Ultimately, cloud security is not any weaker than on-premise data centers, but it turns out that corporate IT departments aren’t really concerned about losing data, anyway.

They’re worried about what everyone else will think if they lose that data.

With only 25% of companies are equipped to handle data breaches, corporations still cite damage to reputation as the biggest risk of being hacked. A recent study from the International Association of Privacy Professionals found that 83% of public companies in the United States cite the impact to corporate reputation as the number one risk of a data breach.

Only 60% cited civil litigation, and barely half (51%) cited regulatory enforcement or remediation (50%). In other words, the damage taken by a brand is seen as far more damaging to a stock than having to pay a fine or sort out bureaucratic entanglements.

In two of the most high profile hacks from recent years, Home Depot and Target did face immediate consumer backlash while they remained in the headline. But of the two, it seems only Target had significant measurable negative impact to the brand, with customer satisfaction dropping 2 points year-over-year according to one survey, and customer service ratings dropping 3.3%. The Target breach also led to a credit rating cut from S&P.