Banker S.A. July 2014 | Page 48

TECHNOLOGY: DATA BREACH

on the type of data breach your company experiences. The costs that are associated with remediation include forensic activities, assessments and audit services, marketing, crisis team management, and communications to the executive management and board of directors.

CONTAINMENT: The cost of notifications will need to include the creation of contact databases, determining the regulatory requirements, engaging with outside experts, postal expenses, alternate contact details in case of email bounce-backs, and inbound communications set-up.

POST-DATA BREACH: The typical costs associated with a post-data breach include helpdesk inbound communications, remediation, legal expenditures (civil or otherwise), product discounts, identity protection services, reputation loss, diminished goodwill and the Regulator’s interventions.

All industries experience some form of normal churn rate (the number of customers/clients leaving a service offering or company) through the financial year. It will be important to factor in the damage that a data breach can do to a company brand. A data breach will lead to an abnormal increase in churn rates. Abnormal churn rates can lead to a large loss of revenue. The top three industries for abnormal churn rates after a data breach are pharmaceutical, the financial sector and healthcare.

An objective of each company should be to limit the costs when the inevitable data breach occurs. Highlighting the influencing factors that the Regulator will take into consideration when determining the fine amount should dictate the approach of your company.

As per the POPI Act, No 4 of 2013, the Regu