The buzz this week is all about the latest reports in which Adobe admitted that it had suffered a far greater breach of data security in a cyber attack earlier this month. Technology lawyers have forecasted that the Adobe cyber attack could trigger a flood of legal action. Rightfully so as today when a data breach happens, its no longer a surprise when a lawsuit is filed the very next day after a breach is reported.
Adobe’s latest report is that data from some 38 million users had been compromised, far more than the 2.9 million originally estimated earlier.
Now with 38,000,000 customers to notify, Adobe will face a huge bill just in notification letters alone, not including credit monitoring costs and potential legal defense and settlement costs. With 2014 just around the corner, the Adobe data breach will surely go down as one of the biggest data breaches of 2013 and one of the most expensive.
Lawyers have suggested the most significant commercial implication for Adobe is the theft of its source code. At this point in time the financial impact of the source code theft will not be felt by Adobe for some time. When a data breach happens, one of the “hidden and unknown costs” is financial impact/loss.
The Adobe data breach involves many issues, such as stolen customer sensitive data, reputational damage, legal and PR issues, intellectual property theft, and network security failure.
While its unknown if Adobe has cyber/data breach insurance, we explain below how data breach insurance coverage could help respond to the Adobe data breach/cyber attack.
Cyber/data breach insurance coverage could help Adobe:
- hire a computer forensics investigator to determine how the breach occurred and what data was exposed,
- hire a data privacy attorney to help navigate the various U.S. State (and international) data privacy laws,
- send notification letters to the affected customers,
- offer a one-year credit monitoring service to the customers affected as well as a dedicated call center to answer any customer questions,
- hire a public relations firm to help with the media,
- repair hacker damage (depending on whether or not this is included in the policy coverages),
- pay for defense costs in the event there’s a lawsuit due to their data breach and
- pay for privacy regulatory defense and where insurable by state law, regulatory fines and penalties.
According to the Ponemon 2013 Cost of Data Breach Study, the average cost of a breached record is $188. This means that based on the 38,000,000 Adobe customers that had their sensitive information stolen, the total cost amounts to $714,400,000. Putting that amount aside for a moment, the cost just to mail notification letters to the 38,000,000 customers affected is $17,480,000. These amounts, needless to say are significant. However, for a company such as Adobe these amounts as significant as they may be will not force Adobe out of business even if they don’t have a cyber/data breach insurance policy. Though this may not be the case with other businesses or organizations who may not have the financial ability to sustain such significant costs that occur when a data breach happens.