By Asher de Metz
A large-scale cybersecurity breach is hugely damaging for any organization, and with hackers becoming increasingly sophisticated, the chances of getting caught out are constantly growing. No one is safe from attack either; companies hit by cybercrime during 2016 include behemoths such as Yahoo, Tumblr, LinkedIn, and AdultFriendFinder. For such a sizeable business, the damage to customer relationships and public image can be extremely costly, but ultimately they’ll survive. For a smaller company, on the other hand, a security breach can be utterly devastating – yet they are no less likely to fall victim to such an event.
How do cyber breaches impact companies?
There are a number of factors that can dictate the effect of a breach on a business, such as the nature and timing of the attack, the industry that the company works in, its size, and location. Consider how a financial institution might be affected as compared to a car manufacturing company, or the importance of keeping a social network’s user data safe in contrast to a mailing list for a small technology firm. Having said this, there are a number of concerns that should always be kept in mind when assessing and securing your company’s online presence. Here, we list the top five business impacts of a cybersecurity breach:
1: Damaged reputation
If a company has worked hard to build and maintain a positive public image, the last thing it needs is to suffer a loss of faith from customers, suppliers, investors, and even potential employees because of a cyber attack. And if the press covers the story widely, the damage to the brand’s reputation can have a knock-on effect lasting way beyond the time it takes to fix the security issue itself. People need to feel safe in order to do business, and if they’re uncomfortable with an organization’s ability to keep their data and resources secure, they’ll likely look elsewhere.
2: Loss of assets
There are a number of valuable resources that cybercriminals might target, including money, data, and intellectual property. A monetary theft from a high-profile organization may provide a big financial reward, but there are also advantages to raiding smaller companies, which tend to be easier to target as they lack the resources to protect themselves adequately. While stealing money seems obvious, data can often be worth far more to cyber thieves, who can make creative use of valuable information or simply sell it on the dark web. Login details for hotel loyalty programs and online auction accounts can sell for anything from $20 to $1,400, and credentials for PayPal and other online payment services can go for hundreds of dollars. The loss of copyrighted material and protected developments can potentially be even more damaging to a company, though, putting years of investment in R&D to waste and compromising the value of new products or ground-breaking technologies.
3: Monetary loss
Aside from theft, there are several ways in which a company can incur financial losses as a result of cybercrime. According to Kaspersky Lab, the direct expenses of recovering from a data breach cost small businesses an average of $38,000, and this doesn’t even account for the ongoing costs caused by a loss of trust or valuable resources. Large companies with deeper pockets can be expected to pay closer to half a million dollars, but they’re much better equipped to ride the waves of uncertainty that follow an attack, even if the amounts of money involved are much greater for them. Ironically, it’s the small companies with fewer resources to protect themselves that have a stronger imperative to do so.
4: Penalties for failing to protect data
A company may have its own assets put at risk by cybercrime, but this doesn’t negate the responsibility to protect sensitive customer data. This is reflected by the threat of fines from global authorities, whose aim is to protect the interests of the population by refining and enforcing data protection laws. In the coming years, these authorities can be expected to develop sanctions to ensure that companies are giving adequate protection to the data they hold. One figure mooted by the European Parliament as a fine for privacy breaches is as much as 20 million euros – an amount that would put many smaller companies out of action for good.
5: Intangible costs
Being the victim of a cyber attack will inevitably place a huge immediate financial burden on any organization, but there are many additional costs hiding beneath the surface that may not be seen at first glance. Especially where a company has poor continuity planning or business resilience strategies in place, it could see its operations suffer long into the future as it struggles to get back on track. Add increasing insurance premiums and interest payments into the mix, and the road to recovery can be a rocky one indeed.
In the modern business world, it’s becoming ever clearer that cyber security is no longer solely an IT issue, and the requirement to be safe isn’t restricted to larger companies either. Any organization that fails to protect itself well enough is placing its very existence at risk – these days, putting comprehensive security measures in place is simply an unavoidable part of running a business.
About the Author
Asher de Metz has approximately 20 years of experience in the cyber security industry, consulting to some of the world’s largest companies in all of the top vertical markets. Starting in London, he has worked across Europe and the Middle East, and has spent the last 8 years in America working for Sungard Availability Services, where he runs the Technical Security Practice.