According to the National Cyber Security Centre, set up in October 2016 to deal with the growing number of network attacks, there were almost 800 serious attacks on businesses between then and the end of 2017. It’s fair to say that in 2018 this number is far from falling, with the governmental organisation predicting that figures for this year will quickly overtake the previous year’s attacks.
by Tony Smith, Sales Director — EMEA, PCI Pal
It has been estimated that a successful cyber-attack will cost businesses more than $5 million (£3.6 billion), or more than $300 (£215) per employee, according to Juniper Research, and this number is expected to grow.
By 2020 the average cost of a breach is expected to rise to an eye-watering $150 million (£107 million), but a data breach can cost a company much more than money. In the long run, it has the very real potential to cost them their existence.
Loss of direct customer revenue
Often, the true fallout of a data breach isn’t immediately visible, but attacks have huge repercussions. Cisco predicts that a company can expect to lose more than 20% of its customer base, and all the revenue that this entails, following an attack. It’s relatively easy to see why a customer would choose to spend their money elsewhere: if a company can’t even see to it that a customer’s personal information is kept safe, why should it receive that customer’s repeat custom?
Following directly on from the previous point comes damage to one of the most important currencies a business can have: reputation.
Analysis carried out by Deloitte following TalkTalk’s high-profile data breach in 2014 showed the company’s reputation took a tremendous hit following the attack, with negative sentiment lingering for more than four months after the incident. Negativity was particularly pronounced on social media, an area in which it can be particularly difficult to attenuate ill feeling.
Ultimately, damage to TalkTalk’s reputation ended up costing the company dearly, including a drop of 11% to its share price.
Pursuing the sources
More often than not, when a data breach is reported in the press, it is attributed to some shadowy hacker organisation based overseas. In the real world, breaches are often caused by someone within the company (by accident or malfeasance) or by a failure of security protocol. Locating these sources can be costly, with the estimated cost of a corporate security audit topping $225,000 (£162,000), according to Verizon.
Legal culpability is undoubtedly the biggest issue a business will face following a data breach. Enormous fines await companies that fail to protect their customers’ data, and on May 25 2018 the EU’s GDPR comes into force, bringing with it fines of up to 4% of worldwide turnover for failure to protect and handle customer data adequately. Fines of this magnitude can quite easily destroy a company where it stands.
When all is said and done, there is no panacea for a company’s cyber security ills. Criminals change and adapt far quicker than even the best holistic solutions, and knowledge of social engineering practices can only prepare staff to a finite point. Investment in cyber-security is therefore essential to ensure that your business continues to thrive, while compliance with PCI DSS will ensure customers’ sensitive payment card data is not under threat. Neglect it for too long, and you may find yourself facing some serious ramifications.