We’re all familiar with the phrase, “adding insult to injury” and its more succinct cousin, “piling on.” Both idioms describe when something happens that makes a bad situation worse. For example, the jerk who hit your car in the parking lot turns out to be your new boss, or the 30-something-year-old kid who’s been living in your basement long past the expiration date finally gets a job – that requires him to work at home. To these examples, we can now add a new symbiotic relationship between corporate hacking and unemployment.
According to a study by the Ponemon Institute and IBM Security, there were 1,579 data “breaches”—a more benign euphemism for the theft of a company’s sensitive information—in 2017, a 44.7% increase from 2016. Although not formally recognized by any Standard Industrial Code, hacking is a growth industry. As the study indicates, the average unauthorized intrusion costs the breached party an average of $3.68 million for everything from lost business, reputational damage to the time spent by corporate employees to stick a finger in the proverbial dike.
Naturally, the first reaction to the fact that a company has just lost the names, contact information, social security numbers, et al. of 50,000 or so of their faithful customers is to assign responsibility. In other words, someone or multiple “someone’s” is going to have to pay for a hacker’s romp through the business’s inner sanctum. On a basic level, the need to identify a witting or unwitting sacrificial lamb makes perfect sense. When your customer base is storming the metaphoric castle with torches and pitchforks, lopping off the head of your CIO or CISO is a logical response. Sometimes offering up only a single member of the C-suite is not enough to slake the thirst of a mob of enraged consumers, who trusted you not to make their personal information available to unauthorized state-sponsored affiliates. Thus, a few fellow members of the corner office set are forced to open their golden parachutes.
While no one wants to see someone lose their job, seeing a few “C’s” join the ranks of the unemployed isn’t an unexpected mea culpa. But as the study found, the ramifications of lapses in corporate data security impact the average cube dweller more often than one might expect. The researchers found that in roughly a third of security breaches employees of all levels were afforded the opportunity to “pursue other career opportunities.” The study also found that these dismissals often included members of non-IT departments. Unfortunately, the scope of the costs associated with corporate hacks is measurable via the synchronicity between angry customers and sharp declines in revenue that result in fewer folks reporting to the office on Mondays.
Let’s face it, the tenuous nature of today’s workplace has made the single company career with a gold watch at retirement a thing of the past. But isn’t it reasonable to ask why the vagaries of employment should include the capricious nature of foreign governments and criminal syndicates from countries that most of us couldn’t find on a map? While the departure of a CIO has a particular cause-and-effect relationship to undesired access to the company jewels, should the guy or gal in Accounts Receivable have to become caught up in the carnage? Security will continue to grow in importance for a variety of reasons, happy customers being paramount among them, but ensuring that unsuspecting personnel don’t become collateral damage should also be part of the equation.