Nearly one-third of surveyed companies that experienced a data breach in the previous 12 months said the incident cost certain employees their jobs.
Conducted by Kaspersky Lab last March and April, the "Global Corporate IT Security Risks Survey" elicited responses from 5,878 businesses across 29 countries. Among this data set, 1,062 small-to-medium-sized businesses and 863 enterprises acknowledged suffering at least one data breach at some point in their history. As a consequence of these breaches, 325 SMBs (31 percent) and 267 enterprises (also 31 percent) had to lay off staff.
When such incidents occurred, senior IT security staffers were most commonly the ones given the pink slip, with 36 percent of SMBs and 45 of enterprises letting these employees go. The next most frequently fired employees were senior IT executives (33 percent of SMBs, 37 percent of enterprises) and senior non-IT staffers (29 percent of SMBs, 27 percent of enterprises).
Even C-level executives were not immune either, with 15 percent of SMBs and 24 percent of large enterprises dismissing these high-ranking officers following data loss. Such firings were most common in North America, where 32 percent of breaches resulted in a CEO, president or similar corporate leader getting the boot.
The survey exposed additional ramifications as well: 45 percent of SMBs and 47 percent of enterprises had to pay compensation to affected customers, while 27 percent of SMBs and 31 percent of enterprises were forced to pay penalties or fines. Additionally, more than a third of all breached businesses reported difficulties acquiring new customers following their respective incidents.
And the risk for further penalties could be even greater, considering that 61 percent of respondents said that next year they anticipate an increase in volume of sensitive customer data.
Additionally, 31 percent said they currently store data that is protected by the European Union’s strict GDPR regulations — and yet only 27 percent of this contingent said they have fully met GDPR’s requirements.
"While a data breach is devastating to a business as a whole, it can also have a very personal impact on people’s lives — whether they are customers or failed employees — so this is a reminder that cyber-security has real-life implications and is in fact everyone’s concern," said Dmitry Aleshin, VP of product marketing, Kaspersky Lab, in a company press release. "With data now travelling on devices and via the cloud, and with regulations like GDPR becoming enforceable, it’s vital that businesses pay even closer attention to their data protection strategies."