Uber has agreed to pay a hefty $148 million settlement after concealing a data breach in 2016 containing 57 million users’ data. In hopes of preventing this from recurring, it’s time for Uber to reassess their risk management practices, and in turn regain the public’s trust as well.

Although this regulatory problem has resulted in a huge sum of money, this is not the greatest consequence Uber will face due to a risk management failure. The hit on Uber’s reputation is massive. The concept I call the see-through economy has let us witness Uber’s negligence on one issue after another. Consequently, consumers have not liked what they’ve seen and have begun to take their business elsewhere.

The company has reportedly lost 1 percent of the ground transportation market, and as much as 8 percent in San Francisco. Meanwhile, its ride-hailing rival, Lyft, is on the rise. This is the first time that Uber has not just seen a decline in consumers; rather, it has experienced a loss.

As customers continue to retract their business, the investors will begin to back out; therefore, the company will lose market value. This downward spiral will result in monumental consequences, both financially and reputationally, if a major change in risk management is not made.  

Over the last few years, organizations have experienced 100% avoidable scandals. What has been the root cause? Failures in their risk management processes and systems. Uber is no different than Equifax or Wells Fargo, who have all failed to identify the root cause of their risks, and continued to suffer the consequences.

While Uber has taken steps in the right direction with hiring new risk executives, I believe these mishaps will continue to occur time and time again until Uber implements an effective enterprise risk management program. Just as I foreshadowed Wells Fargo’s July 2017 data breach, I believe that these incidents will continue to occur unless Uber adopts a risk-based process for managing risks across departments and levels. Will the largest multi-state settlement for Uber be what drives them to make some real changes in their risk management practices?

The Data Breach Exposes Uber Users and their Employers to Major Risks

Last year, I examined the missteps that Uber had taken and found that the company not only lacked healthy risk practices, but lacks senior leadership who value the importance of these practices. The stolen information included names, email addresses, and mobile numbers. While this incident may at first glance not seem as important as stolen credit card or social security numbers, there are huge consequences.

Companies such as Uber are required to alert government agencies when sensitive data breaches such as this occur. When news of a breach of this nature is swept under the rug, both individual users and the companies they work for are left in the dark.

How could outside companies suffer from Uber’s mistakes? As people are only human, too often employees reuse their personal emails and passwords at work. When this type of information is stolen it can lead to impersonation and future breaches. As a result, not only were 57 million users affected, but their companies have all been unknowingly exposed to risks as well.

While Uber may have been able to avoid the litigation penalties for this breach until now, they’re now faced with a huge fine and a damaged reputation. An incident that could have been buried thirty years ago cannot remain hidden from the public eye in the see-through economy.

Is There an End in Sight for Corporate Disasters?

Considering the U.S. government has opened at least five criminal probes into the company since Uber’s founding in 2009, a long road lies ahead towards regaining the public’s trust. In Chief Legal Officer Tony West’s statement regarding the settlement, he noted that measures have been taken to improve safety and security. CEO Dara Khosrowshahi also requested that the CSO at the time of the breach submit his resignation, and hired a new Chief Privacy Officer and a Chief Trust and Security Officer.

While these steps are primarily reactive measures, I hope that Khosrowshahi will recognize that the root cause is weak risk management governance processes, and that more proactive steps need to be taken to move towards an effective risk management program to prevent more scandals in the future. Further, although today’s news is a failure in risk management in security and privacy, their failures in risk management have been happening in multiple business areas and share the same common root cause of a weak risk management program, process, and lack of an ERM system.

An ERM system could not only identify and fill gaps in their cybersecurity policies and procedures, but Uber’s new line of management would not have to worry about being in a position of negligence either. Enterprise risk management enables companies to act against risks that are 100% preventable. It is up to companies such as Uber to take responsibility.


This article was originally published on LogicManager.com


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
