Anatomy of a Privacy Breach

Anatomy of a Privacy Breach

Picture this. You’ve taken a rare holiday to visit relatives abroad. While you’re sipping your first cocktail of the evening your phone chimes. It’s the office back home. Your database administrator needs to notify you of a problem at your network services provider. The cause is not yet clear but the contingency plans worked well and the network is back up and running. Everything seems to be okay. You go back to your drink.

The next day you get an update. It’s now thought a hacker was involved and there’s a chance customer records were compromised. Somehow, the local TV news has the story and they’ve called your office asking for a comment. Your holiday comes to a premature end. Your IT team needs specialist help assessing exactly how the hacker got in and what data was stolen. Your operations director needs you to urgently approve a £15,000 retainer for a computer forensics specialist to help investigate the breach. He tells you that you have to do this if you’re to have any hope of maintaining PCI DSS compliance.

By mid afternoon the following day the story has broken on the news services and your receptionist is overwhelmed with calls from anxious customers and the media. A lawyer who claims to represent “concerned parties” has also been in touch. You need to ramp up your PR and hire additional resources - fast.

By the end of the week the network forensics are still ongoing but you don’t yet know the full extent of the breach. It looks like payment records may be involved. It’ll take at least another ten days and another £10,000 to ascertain the full details – money that your CFO says isn’t in your budget. Your counsel also urgently needs to know exactly what data were compromised in order to comply with breach notification legislation.

The regulator has launched a formal investigation. You and several colleagues must attend hearings. A payment card issuer’s fraud department has written to warn you that if your merchant’s database was compromised, you may be contractually liable for losses.

By the time the dust settles:

  • You’ve had to settle a costly class-action lawsuit brought on behalf of breach victims.
  • In addition to the cost of having employees’ time taken up with the investigation, you’ve been hit with a hefty fine by regulators.
  • You have to pay upfront for a 12-month credit monitoring service for all those people who were affected by the breach.
  • The payment card issuer has increased the fee-per-transaction you have to pay.
  • You must commission specialist data security reports to demonstrate continued PCI-DSS compliance.
  • The unexpected legal costs, damages, computer forensics, PR and crisis management expenses are crippling – they hit profitability, causing a dip in your share price and forcing you to defend another legal action – this time brought by disgruntled shareholders.
  • The reputational damage you’ve suffered is unquantifiable
Cyber_Risks_Space_Invaders_2.jpg

“Thank you so much for giving so generously of your time to contribute at the Ignite Programme - it would not be the success that it is if it were not for the commitment and dedication of contributors such as yourself.”

Frances B, Programme Manager, Centre for Entrepreneurial Learning (CfEL)

 

Ready to work with us?

You can call us to talk more about your business on +44 (0)1223 200650 or +44 (0)20 3865 0149

What's Covered?

Monthly Payments
Cancel Anytime
Benchmark Us
Quote within 24 hrs

About La Playa Science & Technology

Specialist & Independent

Specialist & Independent

La Playa's specialist Science & Tech team can help you protect your business with smart, flexible, high-performance insurance - with a friendly human UI. We understand the risks and pressures you face - and we speak your language.  We’ll support you with great advice - helping you make good decisions for your business. 

In-house IFA

We also offer Business Protection (including Key Person Insurance) and Employee Benefits: a joined up approach with a team of advisers working for your best financial interests - all under one roof

Advice You Can Trust

…from an expert who understands you

Tech-based business is 24/7, global and borderless, exposing you to new risks and liabilities - often in unfamiliar places. As the law struggles to keep pace with technology, insurance can provide a real safety net if you fall foul of changing legislation.

  • Specialist insurance for science and technology
  • Independent professional advice
  • Relationship-based service: right beside you when you make a claim
  • “Can do” culture
  • Seamless insurance across UK and US
     
Photo from Science & Technology
HB-155-col.jpg

Hanna Beaumont FIRM

DIRECTOR, SCIENCE AND TECHNOLOGY

Direct Dial: +44 (0) 1223 200664

Mobile: +44 (0) 7795 473071

Email: hanna.beaumont@laplayainsurance.com

Twitter: @HannaBLaPlaya