Second Breach Closure: Verus?
I’ve been fond of saying that no company goes under because of a breach. It used to be there was one exception, CardSystems Solutions. There now appears to be a second, Verus, Inc, a medical information processor that revealed information on customers of at least five hospitals. “Medical IT Contractor Folds After Breaches.”
So that makes 2 out of 700+ incidents.
Alex Hutton has an insight into “breach impacts,” which is that “B2B plays, esp. small niche players, are almost certain to be significantly impacted.” I like the claim. It sounds like a testable hypothesis. I can think of at least one (a payroll systems company) that had a series of breaches, and seemed to survive. Are there other counter-examples?
(Yes, survive is not a precise opposite of “significant impact.”)
You can see Verus’s web site at the Internet Archive. I wasn’t able to find an investors page.
Incidentally, if Verus employees would like to cry in a beer and tell me what happened, well, Bellevue isn’t far, I’ll protect your privacy, and I’m curious enough to pay for some beer. Drop me a note. Name-of-blog@gmail.com
I do come off a bit didactic there, don’t I?
The theory is something like this: In a B2C exchange, the (informed) consumer made the “bad choice” to choose the company with the breach. In a sense, you have no one to blame but yourself. You can add to that fact that the vast majority of consumers won’t be aware of an incident until they get a disclosure notice.
In a B2B play, especially an SMB with a limited client set – there is usually one specific point of contact who made the “bad choice”. They are now accountable for that choice to others (namely their superiors), not just themselves. As such, they will feel pressure to “make sure it doesn’t happen again.”
Now obviously the theory needs testing against some priors. But as we model incidents using FAIR, it’s pretty obvious that SMB B2B clients have a much greater emphasis on reputation damage.
You may not have to change your stats, Adam. When I was looking into Verus, I had come across something posted on June 16th that indicated that they had already been in financial straits before the breach. If I can track down that link again, I’ll send it to you.