You know that a security incident or a cyberattack can damage your business financially and you may face legal consequences. But have you thought about what it would do to your reputation?
Your customers and clients expect that your organization will keep their data safe. If you fail to do so, you’re likely to face financial consequences when customers leave after you’ve lost their trust. According to the “2018 Cost of a Data Breach Study,” conducted by the Ponemon Institute, companies that lost 4% or more of their customers after a data breach experienced an average total cost of $6 million. A cybersecurity incident can have a powerful impact on your bottom line.
Unfortunately, thanks to the cybersecurity skills shortage, this is a problem that’s likely to get worse before it gets better. A global study of cybersecurity professionals conducted by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) found that security incidents are on the rise because businesses lack both the amount of staff needed to keep up with increasing cybersecurity workloads as well as end-user awareness training. This workforce gap makes it difficult for companies to secure client data and protect their own assets.
In many cases, when a cybersecurity incident or data breach is being discussed (whether in the media or in the board room), the focus of the conversation is on the organization itself. What caused the incident? How did the organization respond? What costs were associated with the incident? But it’s important to remember that it wasn’t just the company that was impacted. Consumers and clients have had sensitive information compromised as well. How often is that brought up in these conversations? (This is becoming more common, however, as evidenced by the reaction to the Equifax breach and the focus on how it impacted consumers. As the focus on the consumer becomes more commonplace, it will become even more vital for organizations to ensure that they protect brand reputation with their customer base.)
Your customers and clients were already skeptical about your ability to protect their data. After all, they’ve probably seen at least two or three incidents in the news within the past week alone – and thanks to these headlines, they’re paying more attention to how you’re using their data, what you’re doing to safeguard it, and how you’re responding when it’s been compromised. A corporation like Target, for example, might be able to survive an incident thanks to the sheer size and national or global presence, but not every business has the same cachet. Many organizations need to accept one cold, hard truth: your customers are willing to walk away.
Protecting your business from cyberthreats translates to protecting your relationship with your customers.
Read the comments on any news article about a data breach and you’ll see that today’s consumers are finding it increasingly difficult to put their trust in brands. And this doesn’t just apply to organizations that have already experienced a breach. Consumers don’t believe that any business is capable of securing their information. What are you doing to show customers that you’re protecting them? Consumers want to do business with organizations that they feel are trustworthy – and they will have no problem going next door if your competitor meets that need better than you do.
“The Aftermath of a Mega Data Breach: Consumer Sentiment” from the Ponemon Institute found that data breaches ranked alongside environmental disasters and poor customer service as factors that impact brand reputation. Similarly, the Forbes Insight report “Fallout: The Reputational Impact of IT Risk” showed that 46% of organizations experienced a negative impact on their reputations and brand value after a breach.
It’s time to start thinking about cybersecurity as a competitive advantage. How you manage and remediate a cybersecurity incident is crucial to maintaining a positive relationship with customers and securing new business. Your customers and clients will always remember how you responded to and communicated about a cybersecurity incident.
Do you want a better relationship with your customers? Want to avoid negative impacts to your reputation due to a breach or security incident? Then it’s time to put a formalized cybersecurity program into place today.