The Backlash of a Data Breach: The Costs are More than Money
Data breaches are costly – very costly.
In fact, the average data breach sets Australian businesses back $2.82 million AUD. So it’s no wonder why so many companies are forced to close their doors after a major incident.
But the financial impact is only part of it, and there are several other repercussions that aren’t quite as obvious.
Let’s now examine the full extent of what can occur in the aftermath of a data breach as well as what you can do to protect your company from falling prey.
A Blow to Your Brand Reputation
A 2017 study by The Ponemon Institute and Centrify found that a data breach has the second biggest impact on brand reputation with 59 percent of CMOs and 55 percent of IT specialists believing that a data breach would adversely affect their company’s brand reputation.
According to their findings, the only thing that would have a bigger impact is poor customer service.
A separate study by Forbes and IBM concurs and mentions that nearly half (46 percent) of organisations have experienced damage to their reputation after a data breach.
And this makes complete sense. It’s only logical that customers, clients, business partners and even vendors will become wary of dealing with your company after fallen victim to a data breach, especially a major one.
They obviously don’t want to have sensitive information compromised because of an oversight and lack of digital security on your end. It’s just not worth the risk.
A blow to your brand reputation can truly be the kiss of death considering how easily bad press can spread these days. A single article on a major publication can quickly tarnish even the best of reputations and negate much of your prior efforts to build your brand.
So even if the financial backlash doesn’t get you, the diminished brand reputation can slowly strangulate your organisation and squeeze the life out of it.
Loss of Customer Trust
The Ponemon Institute and Centrify also found that a data breach can quickly cause organisations to lose customer trust. In fact, 65 percent of customers who have been in this situation said that they lost trust in an organisation. Even worse, 27 percent chose to discontinue their relationship permanently.
So in theory, you’ll lose nearly one out of every three customers after being hit with a data breach.
Just put yourself in your customer’s’ shoes for a second. When they decide to do business with you, they want to know that you’re taking every possible precaution to protect their personal information and prevent it from falling into the wrong hands.
This is a basic responsibility in our digital age, and 79 percent of consumers believe that organisations have an obligation to protect their personal information.
And once that trust is gone, it’s extremely difficult (if not possible) to earn it back. With so many industries being hyper-competitive, it’s just too easy for customers to get on board with another brand. Even the most loyal may feel compelled to take their business elsewhere out of fear of a similar incident occurring.
Loss of Intellectual Property
A hacker gains access to a new product’s design prototype before it’s launched. Or they steal confidential information involving an app, pre-release.
These are just a couple of scenarios in which your company could suffer a loss of IP.
While this will affect businesses in certain industries more than others (manufacturing and construction are particularly susceptible), it’s obviously not going to do you any favours if critical IP is compromised.
Not only can it thwart future plans, it can cripple the competitiveness of your organisation and give your rivals a huge advantage.
Diminished Market Value
Put all of this together, and it means one thing – a loss of market value.
The aforementioned study by The Ponemon Institute and Centrify points out that the average company experiences a five percent drop in stock price directly after disclosing a data breach. While that eventually recovers within 116 days on average for retail businesses, their long-term market value may never fully recover.
In fact, The University of North Carolina Kenan-Flagler Business School explains that companies can lose as much as three percent of their overall market value in the long run.
As they point out, it’s not about a knee-jerk reaction. This drop in market value is simply because customers tend to reduce their dealings with a breached company.
Why would they want to put themselves in further jeopardy? It just wouldn’t make sense.
Additional Marketing and PR Efforts
Finally, you can expect to spend more time and energy on future marketing and PR to recover your customer base. Considering that nearly a third of existing customers will be lost, a full-scale initiative is often in order to get your sales back to their former state.
You may also need to bring additional team members on board to ensure that you have adequate manpower for the job, which is also a burden.
Protecting Your Organisation’s Data Assets
As you can see, a data breach opens up a gigantic can of worms and is truly a nightmare. Apart from the exorbitant costs, an incident like this hurt you in many other ways that aren’t immediately obvious.
So what can you do to keep your organisation out of harm’s way and protect your data assets?
The first thing to do is adopt a proactive cybersecurity approach rather than a reactive one. One of the main reasons why companies find themselves in trouble is that they feel like they’re immune from data breaches – like it’s something that happens to others but won’t happen to them.
But Experian reports that 51 of percent of companies have already experienced a global data breach, and nearly 56 percent have experienced more than one within the past five years.
So being lulled into a false sense of security is just inviting trouble.
Restrict Data Access
One of the more surprising things about data breaches is that the majority of them originate from within. Statista even mentions that 60 percent are insider jobs.
For many companies, it’s being overly trustworthy with who has access to their data that ultimately does them in. Therefore, you want to be thorough about safeguarding your data from malicious insiders.
Some strategies include:
- Running comprehensive background checks on your employees
- Defining who has access to what data
- Not giving employees more access than what they truly need to do their jobs
- Setting restrictions on file sharing
- Logging all network activity (this won’t stop an attack outright, but it’s a great deterrent)
Secure Mobile Devices
One of the quickest ways to put sensitive data at risk is being overly lax about mobile device security. And with 59 percent of companies implementing bring your own device (BYOD) practices, this is a bigger concern than ever.
A good starting point for increasing security is to create policies on how employees go about safeguarding their devices. Some examples include:
- Creating a strong password for unlocking a device and routinely changing it
- Using auto-wipe to automatically delete sensitive data if a device is stolen
- Protecting mobile devices from malware and viruses
Use a Strong Firewall
Another effective way to prevent unwanted intrusion is to invest a quality firewall. Ideally, you’ll use a threat-focused next-generation firewall (NGFW) because of its robust capabilities that outperform traditional firewalls.
This will help you identify which of your data assets are most susceptible to attack, heighten overall security and swiftly detect any instances of suspicious activity.
Don’t Forget About Physical Security
CTO of Due, Chalmers Brown makes a great point about physical security. He explains that many businesses get so fixated on digital and cloud-based data protection that they overlook protecting physical property like hard drives, flash drives, laptops and even paper documents.
If any of these items wind up in the wrong hands, your data can be compromised just like it would be if an attacker accesses it online. Therefore, equally as important to stay on top of physical security.
Fortunately, there are a plethora of options available including:
- Video surveillance
- Access control cards
- Biometric access control
- Intrusion detection sensors
Understanding the Full Range of Risks
When organisations think about the impact of a data breach, it’s usually the financial backlash that first come to mind.
And it’s easy to see why. That alone can be enough to force a company to close its doors.
But what they often overlook is the other side effects that can come along with it. There’s the blow to your brand reputation, loss of customer trust, loss of intellectual property, lower market value and more.
Once you truly see the big picture, you’ll realise just how disastrous a data breach can be and why it’s so vital to protect your organisation’s data assets.
By implementing the right strategies and taking a cyber security by design approach, you can greatly mitigate your risks and drastically reduce your odds of becoming a victim.
Can you think of any other areas of business that can suffer from a data breach? Please share your thoughts: