Nearly one in four people stop doing business with companies that have been hacked, a survey by security.org found. However, despite the harm data breaches do to business reputation, several UK enterprises remain alarmingly unprepared for a cyber-attack, and even complacent towards implementing cyber-security measures, reported Kaspersky.
More than two in three people trust a company less after a data breach, the security.org survey report said. The survey, which covered over 1,000 people, including over 300 data breach victims, found that 92 percent of people agree that companies are financially liable to their customers after a breach.
Less than 10 percent of respondents said they will give a company their financial information within a month after they’ve been breached. However, nearly two-thirds (65 percent) of IT security decision-makers in the UK agree that their organisation is complacent about the protection of its customers’ data, said the Kaspersky research.
The study revealed that many organisations are failing to take the necessary steps to prevent data breaches, despite many respondents acknowledging that breaches would impact revenue and customer trust.
A dip in reputation directly translates to a dip in business. The Ponemon Institute’s latest report on the financial effects of data breaches says the average cost was US$3.92 million (about £3.18 million).
Despite the alarming situation, many IT security decision-makers are failing to set up effective cyber-defence, said the Kaspersky survey. More than half (57 percent) of the respondents said they do not currently have a cyber-security policy in place. The number went up to more than two-thirds (71 percent) among medium-sized businesses (250 to 549 employees). Just a little over 40 percent of the businesses surveyed said their organisation is protected with robust endpoint security.
This does not mean that IT decision-makers are unaware of the reputational risks that a data breach can cause. Nearly 70 percent of IT security decision-makers are concerned they would lose customers following a data breach, while 74 percent of survey respondents said that being perceived as cyber-complacent would be damaging to business, found Kaspersky.
Regulatory penalties, which peaked in 2019, have yet to put a dent in cyber-complacency. Since the EU General Data Protection Regulation (GDPR) came into force across the European Union in May 2018, data protection regulators have imposed EUR114 million (£97 million) in fines for a wide range of GDPR infringements, including data breaches.
Regulatory pressure will continue to rise, commented AJ Thompson, CCO at Northdoor, citing the recent Dixons Carphone penalty.
“2019 saw a huge increase in awareness from the public about the value and vulnerability of their data. This means that any breach now is more in the spotlight of the media and regulators than ever before,” he said.
“2020 is likely to see an increase in the scrutiny on any data breach. With the increase of awareness from public and media alike, a data breach now cannot just cause a serious financial loss, but a serious impact on a company’s reputation.”
“Being complacent with cybersecurity, and customer data, can be incredibly costly. Along with losing sensitive information, a data breach affects business revenues, customer confidence and reputations,” noted Kaspersky principal security researcher David Emm.
“There have been many examples in recent years of household brands suffering data breaches, showing that even the most renowned businesses are at risk. For many organisations, the ramifications of a breach could be irreversible.”