State laws may compel companies to disclose theft of government data, but if there’s no obligation to disclose, why would they?
Disclosure invites public scrutiny and litigation that could otherwise be avoided.
Read 4iQ CEO Monica Pal’s latest op-ed on why more needs to be done to ensure that companies have the right incentives to act in the best interests of consumers.
With data breaches becoming increasingly costly — IBM calculates that the average cost of a breach has increased to a staggering $3.86 million — damage mitigation has come under increasing scrutiny as well. Companies that handle a data breach well generally take an approach that’s proactive, honest and transparent. Once a company learns that it has suffered a breach, the common advice is to swiftly investigate the situation, identify and mend the issue, notify stakeholders — internally and externally — and ultimately provide assistance to those affected. Yet many companies choose to delay disclosing the breach to the public. From an outsider’s perspective, it may seem as though companies worry more about avoiding bad press than protecting the victims. After all, once sensitive information has been compromised, time is not a luxury. However, the companies are not entirely at fault.