Insufficient data privacy legislation is costing companies: three ways businesses are suffering
This article was originally published by Forbes Tech Council.
Personal data is a uniquely valuable and abundant resource that powers today’s expansive digital ecosystem. As a 2017 Economist headline declared, “The world’s most valuable resource is no longer oil, but data.”
However, four years after the European Union implemented its expansive General Data Protection Regulation (GDPR) to protect people’s online information, U.S. companies and consumers are still waiting for a comprehensive privacy solution that sets the standard for securing peoples’ valuable and vulnerable data.
Even as five states have new consumer privacy laws going into effect in 2023, there has been little progress at the federal level, leaving companies grappling with patchwork privacy standards.
This arrangement is bad for consumers and companies, costing money in ways both obvious and obscure.
Here are three ways businesses are suffering from inadequate data privacy legislation and possible solutions that can help companies enhance data privacy protections while they wait for a federal response.
#1 Data exposure enables more cyber crime
Data is a precious resource that is increasingly at risk of theft and misuse. In 2010, 662 data breaches compromised more than 16 million records. Today, this problem is even more pernicious, with 4,145 breaches exposing more than 22 billion records.
While companies face an expansive threat landscape, their most pressing vulnerability is often in-house.
The human element, including social attacks, is responsible for 82 percent of data breaches, underscoring the importance of data privacy and security when preventing costly data breaches.
What’s more, data breaches enable more cybercrime, enabling costly Business Email Compromises (BEC) and ransomware attacks impacting enterprises, government agencies, and critical infrastructure with frightening rapidity.
These efforts are made possible, in part, by a treasure trove of stolen information online and the ubiquitous availability of detailed dossiers that are just a click away.
Leveraging readily-available personal information, threat actors craft convincing social attacks that trick unsuspecting recipients into sharing company data, providing network access, or otherwise compromising data integrity.
Email-based cyberattacks, which leverage exposed personal information to craft convincing scams, increased by nearly 50 percent in the first half of the year, a trend that will certainly escalate in the years to come.
While companies wait for government action to establish data privacy standards, they can take steps to help employees protect their personal information and online privacy.
#2 Data breaches are expensive
Data breaches are expensive. However, the astounding sticker price, more than $9 million for U.S. companies in 2022, is just the beginning.
A data breach is detrimental to brand reputation. One analysis found that approximately half of data breach victims experienced reputational damage, and 87 percent of consumers say they will abandon a company after a data breach, diminishing long-term viability and growth potential.
Meanwhile, the difficult-to-quantify opportunity cost associated with a data breach or cybersecurity incident can be extensive, especially when ransomware attacks prevent employees from fully utilizing IT infrastructure. This can create a revenue spiral as productivity wanes, consumer interest fades, and stock prices fall.
Collectively, these factors can add millions of dollars to the cost of a data breach, making cybersecurity a top priority for business leaders, board members, and customers.
While privacy laws alone won’t stop threat actors from attacking companies, widely available personal data makes this problem more pernicious and difficult to prevent. A national privacy law can help combat this threat, helping companies and their customers operate more securely.
#3 Uncertainty hinders progress
Even as companies and consumers grapple with rising interest rates, soaring inflation, and shifting consumer demand, a data breach can exacerbate critical company priorities, eroding growth potential and customer experience.
According to an IBM analysis, 60 percent of breached businesses increased product prices after the incident, passing the cost of a data breach down to their customers.
This is especially challenging for companies as consumers shift their preferences, prompting 75 percent of consumers to try a new shopping behavior and 36 percent to try a new product.
Higher prices, onerous privacy controls, and other responsive standards erode the buyer experience and hinder company progress. National privacy standards can help restore data privacy, creating a safer, forward-focused online environment where everyone can thrive.
A final thought
Despite the problem’s incredible scope and cascading consequences, federal regulators and lawmakers are too slow to respond. Sadly, many businesses and consumers are suffering from the lack of personal data privacy laws in the US.
As we wait for a unifying federal privacy standard, companies and customers can act now to enhance their personal privacy online. Data is a valuable resource, and keeping it safe and secure is worth the effort.
Dimitri is a tech entrepreneur and Onerep CEO. He is an avid proponent of privacy regulation framework and likes to explore cybersecurity and privacy issues as a writer and reader on various platforms.