Here at TetherView, we’ve debated what the real cost of a breach is. We all agree that there is a range of different costs.
We understand that compensating the affected customers, a plummeting share value, legal fees, insurance premium hikes (which is another issue unto itself) and having to pay for the right protection (to ensure a breach doesn’t happen again) are all associated costs of a breach.
But those are just surface costs—things that the Ponemon Institute tells you every year (and don’t get us wrong, the work they do is great, but we think it doesn’t go deep enough).
Companies rarely count business interruption, loss of consumer confidence, or the cost of recovery among the costs of a breach. Consider this: a breach’s cost can also be measured by an employee (their salary, etc.) walking away with corporate data (invaluable).
So, let’s dive in.
Even after addressing the initial financial impacts, a company must also deal with reputational damage. It goes without saying that breaches have a massive negative impact on a company’s customer base (especially if the breach involved sensitive data). Moreover, customers lose confidence in the brand and don’t feel that their data is secure. A breach also puts off potential customers, and in some cases, potential/current employees—just look at Uber.
“The scandals have damaged Uber’s brand reputation over time, said Robert Passikoff, president of Brand Keys Inc., a New York-based customer research firm. The company’s polling has found that in 2015 Lyft passed Uber as the most trusted of ride-hailing brands, and trust in Uber has been eroding ever since. Consumers will give technology companies the benefit of the doubt for a long time. But with Uber, “that well of forgiveness isn’t bottomless,” Passikoff said.
Passikoff doesn’t measure the impact on ridership and Uber won’t discuss it. But Lyft says its share of the U.S. market has risen 3 percentage points since August to 33 percent. It’s up from 12 percent two years ago as Lyft has expanded with more drivers in major U.S. cities.”
Part of the reason Uber lost market share was that it lost a portion of its workforce. Often, data hackers are interested in a business’s proprietary information. This information can include customer lists, pricing, and even trade secrets. Once hackers have this information, they can effectively damage a company’s competitiveness. These threats are manifested when hackers provide proprietary details to industry rivals or reveal the information to the public at large. Post-breach, companies like Lyft were able to provide former Uber drivers assurances like:
- Your data won’t be sold on the dark web.
- Now that we know how much you make, would you like to make more?
- If you’re looking to make more, why not work for both companies?
Without question, a company’s most prized possession is its reputation. A business must constantly work to build and maintain the integrity of its brand.
However, one compromising incident like a data breach can stain even the best of reputations. In fact, Ponemon stated 46 percent of organizations say they suffered damage to their reputation and brand value as a result of a cybersecurity breach—and just like Uber—this creates a lasting impact on their ability to grow and function as a company.
And that last point is the payoff, right? Regardless of what public opinion may be, the real issue here is that a breach has a direct impact on your position relative to the market. The fact that some companies have comprehensive security doesn’t stop them from having an agent of corporate espionage on their payroll who could walk away with millions of dollars’ worth of data.
We’re sure that at some point you’re waiting for the TetherView sales pitch, but we think it would be better to identify some concerns regarding third-party IT providers. It should go without saying that dependency on vendors and third parties also brings increased exposure to the viability and capabilities of the vendors that support your critical systems and processes. If you add the growing number of regulations that impact companies across industries and geographies (e.g., GDPR, NYDFS and CCPA), the list of potential threats and risks grows exponentially.
We get it. At TetherView we’re obsessed with protecting data—we know the next big threat is around the corner. Which is why we offer businesses security, mobility and compliance (at the highest levels). Our Digital Bunker is a truly comprehensive solution, minimizing the number of moving pieces (or vendors) in an organization’s IT Architecture.
If you have full faith in your IT team, that’s excellent. In fact, if you are an IT professional, keep reading: we’ve synthesized a couple of key recommendations from Gartner on how businesses can be better prepared.
10 Recommendations from Gartner for Securing Your IT
- Engage business stakeholders to create risk appetite statements.
- Build or outsource a security operations center.
- Use a data security governance framework before investing in tools.
- Exploit passwordless authentication to improve security and convenience.
- Seek out solution providers that offer a fusion between products and services.
- Establish a cloud center of excellence team and invest in training.
- Augment one-time security gates with internal detection capabilities.
- Regularly test how existing defenses adapt to microtrends for the most prevalent threat vectors: malware, phishing and attacks on credentials.
- Prioritize measures that better prepare the organization for the threats that are more likely to hit it. This requires good communication skills both within and outside of the security teams. Also progressively build a security posture framework for continuously evaluating relevant defense technologies and processes.
- Engage in a cross-team effort to improve discovery of new assets and emerging business technology use. Use a risk register to standardize the approach and aim for a more continuous exposure assessment.
- Improve resiliency by building a strong, complementary backup and incident response plan that includes crisis management and recovery planning, to better prepare against attacks the organization is ill-prepared to prevent or detect.