By Sungard AS
2016 saw a marked upturn in the volume and creativity of hacks and mega breaches, with LinkedIn, Tumblr, Yahoo, AdultFriendFinder, Three Mobile, and Tesco Bank all hitting the headlines as victims of cyber crime. But although such attacks hurt big businesses and test customer trust, they're not typically an extinction-level event. For small businesses, however, the likelihood of some type of breach is just as high if not higher, but their chances of making a full recovery are much slimmer.
The top 5 business impacts of cyber security breaches
Each organisation is unique in terms of the impact of a breach, dependent on the timing and duration, and the industry in which it operates. For example, a data breach may have more pronounced consequences for the financial sector than, say, in manufacturing. However, common impacts you should consider when evaluating your own security posture include:
Loss of customer and stakeholder trust can be the most harmful impact of cyber crime, since the overwhelming majority of people would not do business with a company that had been breached, especially if it failed to protect its customers' data. This can translate directly into a loss of business, as well as devaluation of the brand you've worked so hard to build. Taking a reputational hit may also affect your ability to attract the best talent, suppliers and investors.
While a cyber-raid on a big-name bank may net the attacker a sizeable haul, smaller businesses' defenses are typically less sophisticated and easier to penetrate, making them a softer target. Cyber-enabled fraud leads to monetary losses, but stolen data can be worth far more to hackers, especially when sold on the Dark Web. For example, the 2015 'Hidden Data Economy' report by McAfee Labs puts the value of login credentials to hotel loyalty programs or online auction accounts at up to $1,400. Intellectual property theft may be equally damaging, with companies losing years of effort and R&D investment in trade secrets or copyrighted material – and their competitive advantage.
Cyber crime costs small business disproportionately more than big businesses when adjusted for organisational size. For a large corporation, the financial impact of a breach may run into the millions, but at their scale, the monetary implications are barely a blip on the radar. Small businesses shell out an average of $38,000 to recover from a single data breach in direct expenses alone (Kaspersky Lab, 'Damage Control: The Cost of Security Breaches', 2015). A casual stance on security could quite easily put you out of business.
As if direct financial losses weren't punishment enough, there is the prospect of monetary penalties for businesses that fail to comply with data protection legislation. Global authorities are considering tougher regulations: one of the most draconian measures proposed by the European Parliament for a privacy breach, applicable from 25 May 2018, is a fine of 20 million euros, or 4% global annum revenues whichever was the higher– a sum that would threaten many growing businesses with insolvency.
In addition to the economic costs of incident response, there are several intangible costs that can continue to blight a business long after the event itself. The impact of operational disruption tends to be woefully underestimated – especially among firms that have little in the way of formal business resilience and continuity strategies – and small organisations that already struggle to manage cash flow may face crippling rises in insurance premiums or see an increased cost to raise debt.
Cyber security isn't an IT problem – it's a business imperative. Adopting a comprehensive security strategy today can help you avoid having to shut up shop if hackers strike.