Lax security can lead to lawsuits, penalties and higher costs.

According to the Ponemon Institute’s 10th annual Cost of Data Breach Study, the average consolidated total cost of a data breach is now $6.53 million for a U.S. organization, an 11% increase since last year. The study also found that the average cost per lost or stolen record containing sensitive and confidential information rose from $201 in 2014 to $217. These facts alone should encourage every company to tighten its data security policies and capabilities, but there’s more. Key legal and regulatory changes have increased the financial risk to companies with lax data security.

Tasked with protecting consumers from unfair and deceptive business practices, the Federal Trade Commission’s Bureau of Consumer Protection will now launch investigations if it detects risky behavior regarding the security of customer data. No actual injury or breach is required. Companies found to have substandard data security practices may face a variety of penalties. Recently, despite the lack of documented harm to clients, R.T. Jones Capital Equities Management agreed to settle charges that it failed to establish required cybersecurity policies and procedures before a data breach that compromised the personally identifiable information of approximately 100,000 people. The FTC also has the power to investigate discrepancies between a company’s published “terms of use” and how its data is actually stored and shared.
Continue reading Strong data security is not optional →