Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
Cyber security topped the headlines in 2015 – and rightfully so. With an alarming level of high-profile data breaches, cyber threats have become an increasing concern for companies across the globe. But what kind of damage does a data breach actually do to a company’s livelihood?
The inevitable PR nightmare following a data breach causes considerable reputational and financial damage, according to CSO. Once a company’s name becomes associated with questionable cyber security, the blows start to pour in.
For starters, CSO reported that a study by Semafone found that of 2,000 survey participants nearly 87 percent would not (or were not very likely to) do business with a company that had faced a data breach involving credit or debit card information.
“These figures serve to underline what we should already know – that the reputational damage suffered by companies who fail to protect personal data can translate directly into a loss of business,” said CEO of Semafone Tim Critchley.
The losses go beyond lost sales, according to the source, businesses are forced to spend hefty funds on improved security measures by way of consultants, security vendors and test runs – not to mention the fees for lawyers, pending lawsuits and the payment of fines from data protection authorities.
Data breaches cause high reputational damage
Nothing suffers more than a company’s reputation, however. According to a report done by Forbes Insight and IBM, 46 percent of companies have suffered reputational damage due to a data breach.
“Social engagement is powerful,” explained General Manager, Business Continuity & Resiliency Services, at IBM Global Technology Services Laurence Guihard-Joly. “Before, we only talked about big disasters. Now when something goes wrong, everyone knows about it pretty fast. The disruption from human error, system outage or loss of data, even a minor disruption can have a significant impact on your reputation. A cost, first, but also a real impact on whether people will choose your service.”
Experian conducted a similar survey called “Reputation Impact of a Data Breach” and the numbers were just as daunting. Of the companies surveyed, the average loss to the value of a brand ranged from $184 million to $332 million, depending upon the type of information that was compromised. The decrease in value was not the only worry cited in this survey, participants were also concerned with the time span required for recovery of brand image – some respondents estimated it would take longer than a year.
Experian provided survey participants with hypothetical scenarios to better understand the scope of diminished value and estimated recovery time. The results were as follows:
Confidential employee information compromised: 51 percent of respondents believe this would impact the economic value of their company’s brand, restoration time averaged 8 months.
Confidential customer information compromised: 81 percent of respondents believe this would impact the economic value of their company’s brand, restoration time averaged one year.
Confidential business information compromised: 80 percent of respondents believe this would impact the economic value of their company’s brand, restoration time averaged 8 months.
Furthermore, almost half of respondents (49 percent) claimed that their brand reputation could not withstand a negative event such as a data breach.
“Companies should be proactive in protecting themselves against cyber threats.”
Safeguard your business from data breaches
The stakes are clearly high when it comes to data breaches and companies should be proactive in protecting themselves against cyber threats. This can manifest itself in a variety of ways.
“An organization can minimize the impact by taking appropriate action,” said Jane Frankland, managing director of KnewSmart, according to CSO. “For example, an organization can ensure that it has an incident response plan; a crisis management plan, full media training for any spokespeople, and that a war games exercise is performed to test resilience.”
Preparation is key when it comes to safeguarding your business from cyber threats. You should have specific personnel in place to deal with the potential issues that could arise. Here at the National Cybersecurity Institute we offer a variety of training courses that can help with just that. Whether you are a small-business owner, a medical professional or someone just looking to brush up on their security training, we have a course for you. Check them out today.