Last week, a group of retailers known as MCX (Merchant Customer Exchange) made news when two members – CVS and Rite Aid – ditched their plan to use Apple Pay in favor of MCX's own mobile payment service CurrentC. However, just when it looked like momentum might be building for this Apple Pay alternative, news broke that CurrentC was the victim of a data breach. Talk about bad timing.
The San Jose Mercury News reports that email addresses of beta testers were stolen from MCX servers. While the mobile app itself was not hacked, the organization's security was compromised. Either way you cut it, the data breach was a significant blow to an organization that was supposed to debut its own "secure" mobile payment system in 2015.
An attack like this hurts a company's reputation, potentially costing them future customers and increasing their costs to market a product with a tarnished reputation. While it can be hard to put an exact price tag on these reputational damages, one thing is certain: CurrentC is facing new challenges as it seeks to rebuild its credibility.
Timing Matters in Data Breaches
Many businesses fail to take into consideration that the timing of a data breach can amplify its costs. Data breaches don't happen in a vacuum. If a company is rolling out a new service and that service is hacked, it could suffer insurmountable setbacks. First impressions do matter, after all.
After making headlines for providing an alternative to Apple Pay (and appearing in a New York Times story about companies switching to CurrentC), MCX was in a position to capitalize on its growing exposure.
It can be hard to quantify what lasting impact this data breach will have on MCX, though there are a few possible outcomes:
- MCX will rebound with few casualties.
- Many consumers are already wary of contactless payments and mobile wallets and may hesitate to trust CurrentC.
- Retailers may shy away from MCX, giving Apple Pay and other competitors an advantage.
While IT professionals are used to thinking about data breaches in strictly technical ways, a breach has spillover effects for a business's marketing and business development. And these side effects could come back to haunt you in an expensive lawsuit, especially if the breach happens at a particularly inopportune time. A breach that hampers a client's product rollout could drastically increase the amount of damages you're sued for.
How Much Does a Data Breach Affect a Business's Reputation?
It's hard to put a dollar amount on the damages a data breach causes because there are so many ways it can affect the breached company and the total cost won't be known until years later. However, there has been some research that sheds light on the subject.
In our blog post, "Survey: Customers Find Data Breaches Only Slightly Better Than Oil Spills," we looked at new research gauging the way customers perceive data breaches. Researchers found that a data breach was the third worst thing for a business's reputation. Bad customer service was the worst, while environmental disasters and data breaches were neck and neck for second and third place. A dubious distinction.
Why Reputational Damages Matter for IT Risk Management
As an IT consultant, you might only be paid $5,000 for a project you manage for a client. But you can be sued for tens of thousands of dollars in damages if a client's data is hacked. Your risk is disproportionately high compared to the amount you take in fees.
It's smart to invest in Errors and Omissions Insurance, given the way reputational damages can multiply the liabilities you could face. This coverage can pay for lawsuits over data breaches and other professional disputes that could wipe out your business and even force you to file bankruptcy.
For free IT liability insurance quotes, use our online TechInsurance app.
