Compliance implications can have far-reaching effects. Just as with other threats and vulnerabilities, losses can be both direct and indirect. For example, if an organization is fined $10,000 for mistakes related to HIPAA, the direct loss is $10,000. However, once this information hits the news, the organization will experience indirect losses.

The media may report that a company mishandled health data. If customers have health data stored with that organization, they may leave. Even if customers don’t have health data stored with that organization, they may be suspicious of how it handles other data. Similarly, employees may realize their data is being mishandled and leave the company.

Sometimes, a public relations (PR) campaign can restore an organization’s good name. PR isn’t cheap, though. Creating effective campaigns takes talent and money to implement. However, proactively spending money on PR campaigns can reduce the effects of an incident, which will ultimately save money for the organization.