The role financial executives play in mitigating loss from security breaches.

• Author: Dabbs, Dale
• Position: FRAUD - Survey

Though protecting an organization against data breaches seems at first like a concern for information technology departments or business leaders focused on security, it is a very real issue for financial executives as they have a responsibility for the organization's bottom line and for protecting shareholders and customers from unnecessary risk.

According to a survey by the Ponemon Institute, data breaches increase the risk of identity theft and can cost businesses on average, $5.5 million dollars, or $194 per customer record stolen. These breaches happen all the time to trusted and respected brand names.

Business Breaches: A Double Edged Sword

Business fraud can have a multi-pronged effect, impacting the business as well as its customers and employees.

Impact on Customers. To maintain strong relationships, organizations need to effectively communicate to customers that their personally identifiable information (PII) is protected. PII includes everything from customers' names to their social security numbers, birthdates and addresses--anything they share with businesses in the course of transactions or establishing accounts.

Impact on Businesses. Businesses also need to follow both federal and state regulations. On the federal level, the U.S. Securities and Exchange Commission (SEC) and the Commodity and Futures Trading Commission (CFTC) jointly released a rule proposal that requires all SEC-regulated entities to create programs to detect and respond to instances of identity theft. In regard to local regulation, laws in 46 states demand that organizations notify customers in the instance of a data breach. Companies must comply with any and all of the state statutes that apply to where they do business.

Beyond consumer identity theft, businesses also need to protect themselves against identity theft. When business identity theft occurs, thieves can change the business' point of contact information with the state and can send and receive fraudulent information, all while the business keeps running.

Furthermore, thieves can send payroll checks or wire money into their own accounts, file false tax returns and purchase goods without paying for them. Remediating business identity theft requires correcting records with the state and Internal Revenue Service (IRS), as well as addressing any fraudulent credit lines that thieves have opened. It also requires protecting customer records and notifying customers, as their information could easily have...