The problem of data breaches has just reached a new high, or maybe low, as executives are losing money because of them. A case in point: Yahoo CEO Marissa Mayer will receive neither a bonus nor a stock award because of the mishandling of security breaches in 2013 and 2014.
The decision came after an internal investigation found that senior executives at Yahoo mishandled the company’s security breaches. In September of last year, Yahoo disclosed that a massive security breach occurred in 2014. About 500 million Yahoo accounts were compromised. Hackers obtained personal information, but not credit card details. Then in December of last year, Yahoo disclosed that another breach occurred in 2013, but this one was even bigger: Nearly one billion user accounts were hacked, making it the biggest breach in history.
Once considered a nuisance or just a PR issue, data breaches now clearly have attention at the board level, as executives, employees, shareholders and customers are all affected. In fact, this also affected the sale of certain Yahoo businesses to Verizon Communications. Last year Yahoo and Verizon agreed on an acquisition, but Verizon and the rest of us only learned about these data breaches after the deal was announced. Oops.
This has affected the deal, since numerous lawsuits have been filed seeking damages for the breaches. If Yahoo’s sale to Verizon is completed as expected later this year, a successor company called Altaba Inc. will be responsible for paying those legal claims. Will senior executives at Yahoo face more scrutiny and have pay or bonuses withheld for lack of proper oversight?
Many senior executives and board members do not have a good understanding of cybersecurity and how it can affect their companies. They still view this as an IT issue and pay less attention to it than they should. Since all our businesses run on computers and networks, protecting them and the information they exchange is the most important issue to address.
Some companies choose the route of protecting digital assets in a minimal way and purchasing cybersecurity insurance in the event they have a data breach. This is not a good approach, as insurance companies will either not pay or charge very high premiums if a company does not have basic security in place. Just like I get a discount on my home insurance for having smoke detectors and an alarm system, cybersecurity insurers will look favorably on businesses that implement preventative security measures.
Yahoo and others need to think about encrypting, controlling and auditing access to their most sensitive information. Protecting the data itself is the best way to ensure that no unauthorized user, inside or outside of the company, can access sensitive information. If hackers break through the perimeter security and steal information, they will not be able to use it if it’s encrypted. That provides the best safeguard you can get.
Now that data breaches are causing pain in the wallet, I think people at the top will quickly address the problem and look to internal and external experts for the best way to protect their businesses.