This past Tuesday, The Home Depot announced its 3rd Quarter earnings for 2014, but also warned shareholders that there will be more costs associated with the data breach that was originally announced in September 2014. According to a recent Wall Street Journal article, “the company said the data breach resulted in $28MM of pretax expenses in the most recent period, adding that it estimates the net cost for the year to be $34MM.” Based on various articles that I have reviewed, the retailer carries a $100MM insurance policy for expenses related to the breach. Having read about many other security breaches over the past year and the significant costs associated with these events, I began to think of the enterprise risks and reputational risks that go beyond the costs of replacing the stolen emails, customer credit card data and other compromised personal information.
When these significant events generate damaging press about the firm, or it is perceived that the firm’s IT infrastructure was not able to prevent the breach, it can trigger other negative events. These potentially costly situations could hurt the company’s revenue and the valuation, which can then lead to shareholder lawsuits, such as a class-action against the company and their Directors & Officers (D&O). These D&O claims are often triggered due to a high-percentage stock price drop within a short period.
As you think through your organization’s risk factors, your risk management process should include evaluating the soundness of your IT infrastructure, reviewing the Cyber Liability and Network Security insurance policies, as well as the firm’s Directors & Officers (D&O) insurance program.
Should a high-profile cyber incident occur at your company, it is critical that your crisis management team manage your customers’, employees’ and shareholders’ expectations, allowing you to minimize the impact on the firm’s balance sheet and protect your reputation.
About the Author
Marc McCabe is a Managing Director for the ALS Group. You can read more about him here.
Click here to request more information about The ALS Group or to discuss management of your cyber risks and minimizing potential fallout from a breach.