Business Reputations Depend On How They Handle a Cyber Breach


10 Oct 2016

Business Reputations Depend On How They Handle a Cyber Breach

A Business's Reputation Depends On How They Handle a Cyber Breach

It is over two weeks since news first broke of the biggest data breach in history, and the pressure continues to mount on Yahoo to disclose how much it already knew about the breach in 2014; did they intentionally delay disclosing the issue to a potential acquirer (Verizon)?

When they first publicly disclosed details of the attack (which resulted in the loss of data for 500 million users), Yahoo were at pains to say that they were the victims of a state-sponsored attack, although little supporting evidence was presented to suggest that this was indeed the case.

How to Handle Such a Breach?

This raises an interesting question regarding the reporting of such high profile breaches: do companies perceive that the public will have greater empathy and perhaps be less critical of a company if they have been the victim of a state-sponsored attack as opposed to a run-of-the-mill criminal? In fact, an increasing number of security experts are now suggesting that the massive breach was indeed carried out by criminals and not a nation state.

Recent reports have also suggested that the final number of records lost could be closer to 1 billion. Regardless of the final number, one of the main criticisms of this case is not necessarily how Yahoo lost the data two years ago (since, other than size, this was no better or worse than any number of publicised large data thefts), but more about why it took them so long to acknowledge it and the time it took to notify customers to take remedial action.

Large-scale data breaches will continue to be mainstream and it is important that companies continue to protect client data proportionately. However, as this recent case demonstrates, the integrity and reputation of a company will more likely be judged by the professionalism, honesty and openness in which a company responds.

It is yet another lesson for company board members, in preparation for the breaches that could one day happen to them.

For the latest PGI updates like our pages on LinkedIn – PGI,  PGICyber   Facebook– PGIPGI Cyber  and  Twitter

Share this article

Contact us

Call us now to discuss your requirements with one of our consultants.

Contact us today

Related News

CISMP, CISSP and CISM - what's in an acronym?

20 Mar 2017

There is a wide range of different security courses available, and a mind-boggling array of...

Watch Video

International Womens Day - Pioneering Women in Tec...

08 Mar 2017

Pioneering Women in Technology – Katherine JohnsonThe Oscar season has been and...

Watch Video

Law Firms and why they need cyber security

06 Mar 2017

Suffering a data breach can be devastating for any company but for law firms the impacts can be...

Watch Video
Back to the News Hub

Follow us

+44 (0)207 887 2699
©2017 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Registered address: Cascades 1, 1190 Park Avenue, Aztec W, Almondsbury, Bristol BS32 4FP