One of America’s top credit unions, Canadian personal and business financial services cooperative, Desjardins, has revealed that it’s spent around C$70 million (which is US $53 million and nearly £44 million) in Q2 2019 after its data privacy breach earlier this year, which exposed the personal information of 2.9 million members.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented on the Desjardins story:
"Unfortunately, it seems that the amount is merely a harbinger of much higher financial losses and spiraling spending that will likely last for years. Most businesses foreseeably downplay data breach losses, omitting vital components of the inflicted damages in their calculations.
Individual and collective lawsuits initiated by the victims, even if settled with comparatively scanty compensation afterwards, usually end years after the breach. Penalties and regulatory fines imposed by the governments, often in different countries thereby aggravating the costs, likewise are not of an immediate nature.
Last but not least, the ongoing reputational damage and loss of business is frequently incremental but somewhat imperceptible. Most customers and partners won’t resign their contracts with a hacked company immediately after the incident for a diversity of practical reasons, though they will undoubtably have less intention of renewing their contracts afterwards.
Cybersecurity insurance may be an explorable avenue to handle, often inevitable, data breaches with less costs. However, given the emerging nature of this market, it’s a slippery slope and insurance contracts shall be meticulously revised by a trusted law firm and cybersecurity experts for mushrooming exceptions and waivers."
What do you think about the Desjardins news? What about the Equifax hack or the even more recent CapitalOne breach? Do you feel your data is safe even with big banking institutions? Tell us in the comments section.