Nuix on cybersecurity breaches – the fines are just the beginning of the costs consequences

It is worth mentioning, again, that fines from regulators are not the only cost consequence of a cybersecurity breach.

The point is well made in an article on the Nuix blog called Insider threat: not just a cybersecurity issue. Its unspoken context is the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). It barely mentions fines, focussing instead on the many other expenses which may follow from a cybersecurity breach, especially if the breach goes unnoticed for weeks or months.

Although both the incidence and level of fines seems to be increasing, the knock-on consequences can cost more. The Nuix article concentrates largely on the time and expense of enabling recovery and moving on to the steps needed to prevent a recurrence. The most benevolent regulator is unlikely to forgive a second incident which might have been prevented by remedying the causes of a first breach.

The actual costs of dealing with the regulator may be dwarfed by the costs of communicating with and retaining customers and clients. Does the company need investment, or borrowing, or a new non-executive director? None of these will come easily to a business which has suffered a breach but done nothing to fix the problem.


About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere
This entry was posted in Cyber security, Data Security, Discovery, eDiscovery, Nuix. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s