There was a time when data collection was a lucrative practice for companies. That was due to the understanding that the more a brand knows about its target market, the easier it is to address those people and meet their needs. However, recent cyberattacks have made companies think more carefully about whether it’s worthwhile to gather data after all.
High-profile data breaches put companies at risk
Hackers’ methods are increasingly sophisticated, and even when companies have cybersecurity strategies in place, it’s still often possible for criminals to find weak points, infiltrate a system and grab data, often going for months or even longer without detection.
Also, some high-profile data breaches are so substantial, they make people wary of ever doing business with a brand again. A few years ago, a Yahoo data breach victimized all of its three billion users.
More recently, Equifax, a company responsible for keeping data about consumer credit scores, revealed cybercriminals snatched records associated with 143 million people. Most of those individuals had their account details taken, but about 200,000 of them had credit card information and social security numbers compromised, too.
These are just two of the numerous substantial data breaches of recent times. Both caused negative press, tarnished opinions and resultant reputational damage.
Most of the data is valuable to hackers
Data security company Gemalto publishes a Breach Level Index that tracks statistics of all data breaches occurring since 2013. Alarmingly, it found that only four percent of data taken during those attacks was encrypted, making the material useless to the people who took it.
Not surprisingly, the stolen data represents significant financial losses for targeted companies, too. Statistics from the Ponemon Institute indicate each stolen or lost record costs a company $158.
Those vast financial stakes make it necessary for companies to invest in what’s known as sustainable security solutions, or those that proactively evolve to conquer new challenges. However, some aren’t willing to do so due to the initial costs involved.
Expense of meeting regulatory requirements
When companies collect data, they have to meet associated regulations in their home countries as well as the places where their worldwide customers reside.
For example, in May of 2018, the European Union will enact the General Data Protection Regulation (GDPR), which requires companies to report data breaches within 72 hours or face massive fines.
It affects most U.S.-based companies, too. If those entities collect data from EU subjects residing in EU member states at the time of collection, they have to comply with the GDPR as long as they’re actively targeting those European consumers. Analysts say accepting a foreign currency or having dedicated websites for visitors from Europe both qualify.
A PwC poll of multinational companies found 77 percent planned to spend $1 million or more to become compliant. However, a survey carried out by Vanson Bourne and published in September 2017 found 37 percent of global respondents were not sure if they needed to comply with the GDPR. Also, 28 percent believed they did not need to comply at all.
The maximum fine imposed by noncompliance with the GDPR is €20 million or four percent of a company’s annual worldwide turnover, whichever is greater. Some people speculate how often fines will be imposed and how severe they’ll be for an infraction that is not so egregious.
Data breaches of any size can be detrimental
Businesses typically want to do all they can to achieve compliance and keep data safe from hackers because the price for failing to do so is simply too great. The data breaches mentioned above — as well as most others — dominate headlines.
As a result, consumers are more aware of them than they once were and often look for ways to opt out of data collection procedures a company uses.
Additionally, it doesn’t matter how big the data breach is. It will still have a negative impact on the company involved. Once the news breaks about an attack, people quickly conclude that the affected business was lax in keeping its networks secure.
That also means winning back trust is a time-consuming and often monetarily costly exercise. Sometimes, the efforts made to do so only make matters worse.
For instance, Equifax allowed people to go online to check whether or not they had possibly been affected — but that process often left people with more questions than answers.
It’s not hard to see why many companies realize the cost of collecting data and holding onto it could be more expensive than not having that material in the first place. Therefore, the near future may show businesses deciding to readjust their practices.