The risks are huge if an organisation doesn’t disclose it has been breached


Zoetop, the company behind retailers Romwe and Shein, has been fined after it failed to properly inform customers of a data breach.

The risks are huge if an organisation doesn’t disclose that it has been breached and can be broken down into:

  • Financial risk. Not only will the organisation suffer from operational issues (disruption to service) and therefore loss of revenue, but if it does not disclose the breach to a regulator such as the ICO (especially if customer data is stolen), the fines are often exponentially bigger than the threat actor’s ransom itself.

  • Reputational/trust for consumers. If customers find out that their data was stolen, then they will be less likely to use that company in the future. If customers find out that their data was stolen AND the company tried to hide the fact, then they will be MUCH less likely to use that company in the future due to trust.

  • Reputational/trust for B2B/business relationships. Companies and partners will be less likely to do business with a company that has purposely not disclosed a breach, because they don’t want to get caught in the “black hole” of negative reception. Trust between businesses is affected in the same way.

  • Legal issues. If a company does not disclose a breach, it could be subject to a number of legal issues such as group litigation orders.