A cyberattack that affected 145 million eBay Inc. users around the world is the latest in a string of high-profile security breaches that highlight the increasing importance of digital security to corporate reputations.
The San Jose, Calif.-based company, parent of other digital brands such as Kijiji, PayPal and StubHub, advised all users to change their passwords on Wednesday. The non-financial accounts were compromised earlier this year, although eBay said it had not seen increased fraud on its website.
Both digital and brick-and-mortar companies in Canada and around the world are developing new strategies to deal with digital security threats as criminal groups seize more and more confidential data. Lawyers, insurers and branding experts say businesses are taking steps to mitigate increased threats.
Target Corp. put the spotlight on the damage data theft can cause last year. The retail chain is still reeling from a massive data breach and recently replaced chief executives in both the U.S. and Canada in an effort to stabilize the business. Other U.S. retailers, such as Neiman Marcus and Michaels craft stores, have also had information stolen.
Consumers have even higher expectations for digital security from online businesses, said Robert Passikoff, president of customer loyalty and brand impact firm Brand Keys.
Mr. Passikoff praised eBay’s quick reaction to the breach: “They told everyone and said ‘here’s something you can do about it,’” he said. “They’re being proactive about addressing the problem.” Sitting on an issue makes customers wonder what else a company is hiding, he said.
Companies with stronger brand engagement scores may be able to better weather a crisis, according to Brand Keys research. Customers may be more likely to give eBay the benefit of the doubt, since it ranks second only to Amazon.com Inc. in the firm’s annual customer loyalty and engagement study.
More companies are seeking to protect themselves against data breaches by insuring their reputational risk, insurance companies say. Defining this kind of loss and counting how much compensation is due pose a challenge, said Nikolaus von Bomhard, head of German insurance company Munich Re.
And then there’s the question of how much disclosure businesses are comfortable with. “[Enterprises] have to undress themselves almost completely, otherwise we can’t run the risk,” Mr. von Bomhard said. Over time, he thinks more companies will be receptive to this process.
As digital security and privacy concerns become more important to financial service companies and telecom providers, the private sector is aligning with government on improved online identification tools. The Digital ID and Authentication Council of Canada (DIACC), which launched earlier this month, aims to create an online transaction system that identifies purchasers through a physical card that can be tapped on a computer.
“This whole eBay situation – everyone is logging in with the exact same user names and passwords across so many different systems. Those aren’t secure,” Aran Hamilton, president of the DIACC, said.
Technology’s rapid change is difficult for companies to keep up with, and criminals are always one step ahead, said Ira Nishisato, a partner in the commercial litigation group at Borden Ladner Gervais LLP.
Recent amendments to Canada’s Digital Privacy Act will increase a company’s obligation to notify the privacy commissioner and affected customers of data breaches. They would also change record-keeping requirements.
“We see more and more technology and Internet-related disputes,” Mr. Nishisato said, although he estimates reputational risks associated with digital security issues still present the greatest threat to businesses.