Marriott & Quora: what price could you face for data breaches?

The recent data breach at Marriott’s Starwood hotel brand, followed swiftly by one at the social Q&A platform Quora, is the latest in a long line of incidents warning of the costs of a data breach.

Those costs go far beyond the immediate brand and reputational damage: as per-victim compensation rates begin to be set, a breach will carry real financial blowback for the firm that suffers it.

The Marriott breach is said to have affected 500 million customers who have stayed at Starwood hotels since 2014. Importantly, for 327 million of those customers the exposed data is sensitive: it includes phone numbers, passport numbers, arrival and departure times and possibly also payment details. On top of this, The New York Times reported that a string of earlier security incidents had also occurred.

In the case of Quora, 100 million users have been affected. Although not a mainstream platform in comparison to the likes of Twitter, it still commands a very strong user base. Even if the nature of the personal details compromised in the Quora incident is less sensitive than in the Marriott case, it still presents the difficult reality that even dormant accounts may hold data their owners do not want compromised.

With precedents beginning to emerge on the compensation cost per victim of a data breach, every company must estimate, as a matter of standard due diligence, its potential liability for compensating victims whose sensitive data is compromised while in the company’s care.

Even very modest per-victim figures, applied as a hypothetical exercise to the breaches discussed here, produce astounding liabilities. Offering $20 per person to the 327 million Marriott customers whose passport details and payment credentials may have been exposed (a sum that recognises the severity of that data) would produce a compensation bill of roughly $6.5 billion. Offering just $1 per person for the Quora breach (recognising the much less sensitive information leaked) would still cost $100 million. And these hypothetical figures come before any consideration of lawsuits, legal costs, operational losses, and regulator fines across many countries.

Every business must reliably assess its financial exposure in the event of a data breach. That means not only running wargaming exercises so it knows what to do when a breach happens, but also seriously considering what insurance it will need to ensure the business survives should it become the next data breach headline.

