How a company handles cybersecurity-related incident response can make or break a customer’s loyalty.
The negative consequences that can ensue after a security breach or digital disruption are a serious matter for companies today. As we have seen with many high-profile cases of cybersecurity incidents in the past year or so, even major, well-established corporations, such as financial institutions, are vulnerable to data leaks. When one occurs, it can not only lead to loss of production and legal ramifications, but a severe loss of revenue as well.
Security breaches don’t just impact businesses in the short term; they have the power to cause lasting damage in the long run too. A research study recently conducted by Centrify revealed that the majority, or 66 percent, of U.S. consumers agreed that if a company has experienced a cybersecurity incident, it makes them less likely to do business with that brand. And it is not just shoppers in America that feel this way. In fact, this sentiment is even stronger in the U.K., with 75 percent of respondents saying a hack could influence them to cease any transactions with an organization.
Understandably, those who have the highest likelihood of ending a business relationship with a company after it has been hacked are those who have been personally victimized or involved in a data breach, according to the source. Perhaps more surprising, though, is that other groups likely to do the same include those who are particularly tech-savvy, as well as those who often shop online.
Study reveals a security breach can result in loss of consumer loyalty.
Best incident response practices
Of course, no company wants to go through a cyberattack. Hackers have gotten extremely aggressive and strategic in their capabilities and, given the proliferation of digital devices and platforms, businesses have an incredible amount of data to protect at all times. Still, consumers expect corporations to take necessary measures to mitigate threats. The report showed that two-thirds of the study participants in the U.S., U.K. and Germany all said that when a cyber breach occurs, the responsibility falls on the business.
“When their personal privacy and information is compromised, consumers blame the business.”
Once an attack or disruption has occurred, a company is forced to act – and the actions it takes post-hack can influence not only its resiliency and customer retention, but its overall reputation and brand image. Centrify revealed that organizations in certain industries are known for being better at handling security breaches than others. For example, financial institutions are viewed as being the best at dealing with attacks, followed by medical firms and government agencies. The sector where there is still some uncertainty, though, is retail, which came in seventh across all three countries for effectively and efficiently handling security disruptions. Even worse, though, were businesses in the hospitality industry, as well as membership companies.
One of the worst things a company can do after it has experienced a breach in security – or any crisis for that matter – is try to cover it up. Fortunately, businesses are relatively good about not doing this, Centrify indicated. Instead, as they should be, organizations are taking a more proactive approach and making sure the news reaches their customers directly from them first. Approximately 50 percent of the study participants said a company notified them of an attack in which their personal data was at risk.
After making customers aware of the incident, many brands encourage consumers to keep a close watch on their bank accounts for any incorrect or bizarre activity and recommend that they change their passwords. The source noted, though, that a much smaller portion of organizations suggest that clients should make requests to receive alerts in the future.
Tips for improving cyber safety and preventing fraud
Centrify offered a few strategies for companies to use to help enhance their cybersecurity initiatives, such as the following:
- Invest in technology that enables better security of accounts, for example, via single sign-on functionalities and monitoring tools
- Add a multi-factor authentication feature to protect sensitive information, data and assets with even more layers of security
- Adhere to the standards recently set forth by the Payment Card Industry Data Security Standard Council
The last point is especially critical, as an increasing number of companies are experiencing payment fraud online. According to research performed by financial and risk consultancy firm Strategic Treasurer, the frequency of these attacks is on the rise. And it’s not difficult to see why this trend is occurring, seeing as more than half of the survey’s respondents said they do not have any formal policy or security framework for protecting against fraudulent payment crimes.
“When it comes to cybersecurity, there really is no such thing as being too thorough or careful.”
Although the specific technologies used for information security will likely vary between different businesses, there are a number of steps that are crucial for all companies to take in their cybersecurity efforts. For example, it is imperative that each and every organization creates and implements a detailed, comprehensive risk mitigation and incident response plan. It is not enough to simply consider what will be done in the event of a hack; corporate leaders must actually put formal policies in place that workers at every level of the firm can access. It should also be clear who will be responsible for performing which functions post-disruption.
Network World outlined a number of additional steps that companies should take in the event their critical infrastructure is penetrated, such as the following:
- Determine whether the breach was due to malicious activity or a tech-related error
- Get law enforcement involved
- Assess the damage and isolate it to prevent it from spreading any further
- Record all actions and communications via detailed logs
Considering the amount of sensitive data and information that is compromised in security breaches, when it comes to computer protection and cyber safety, there really is no such thing as being too careful.
Training employees for a stronger defense
Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” And this concept is certainly applicable when it comes to businesses’ cybersecurity initiatives. To build a stronger defense, organizations must ensure employees are well-versed in information security. At The National Cybersecurity Institute, people of all backgrounds and experience levels can take training courses that offer sufficient preparation for IT certifications. Whether you are looking for a quick class, like our C-Suite and Board Level 3-hour Course, or a more in-depth educational experience, we guarantee you can find everything you need to succeed in cybersecurity at our college.
BusinessWire (2016, June 8). New Centrify survey finds 66 percent of U.S. consumers are likely to stop doing business with a hacked organization. Retrieved from http://www.businesswire.com/news/home/20160608005485/en/Centrify-Survey-Finds-66-Percent-U.S.-Consumers