Data breaches can take different forms. Data can be stolen without the company knowing, data can be altered unwittingly, or access to data can be denied, as in the case of ransom-ware. The single biggest type of data breach is a denial of service, or DoS attack. This is when system resources or capabilities are the target of a malicious actor, resulting in a partial or complete loss of system availability. In the case of data theft, a company may cede secrets to competitors. Perhaps the most important consideration in the case of a data breach is the legal and regulatory ramifications.
Things to consider:
- Are you required to disclose information about the breach to the public?
- Can you recover in a timely manner?
- How will you convince your consumers their information is still safe in your hands?
A lawsuit or federal action can be a fatal blow to business operations.