A significant majority (83%) of large businesses see cybersecurity as a threat. While many large businesses worry about cybersecurity, only 43% actually prioritize it as a top three tech investment. For small businesses, just 26% claim cybersecurity as a top priority.
Companies that don’t prioritize cybersecurity risk alienating or turning away potential customers; they view cybersecurity as a critical factor when deciding who to do business with.
What’s Worse After a Data Breach: Losing Money or Losing Trust?
Here’s a question: Does cybersecurity only become a priority after your business has been attacked?
Because by then, it’s too late. In retail, for example, 89% of customers will switch brands if a company loses their personal data. Across all industries, 70% of customers avoid businesses impacted by a data breach.
Not only does a security breach impact those outside an organization, but it also damages the morale of those inside of it. Over 50% of employees working for an organization that experienced a cyberattack would seriously consider quitting because of it.
Then, there are the financial consequences of treating cybersecurity as an afterthought:
AVERAGE DATA BREACH COST
TOTAL COST OF DATA BREACHES IN HEALTHCARE
AVERAGE COST OF PRINTER-RELATED DATA BREACHES
Those numbers don’t account for fines or penalties associated with cybersecurity failure. For example, as per the General Data Protection Regulation (GDPR), an organization found to be negligent regarding cybersecurity can be forced to pay up to €20 million or 4% of its annual global revenue, whichever is greater.
Maybe the initial loss of revenue can be recouped through insurance claims or litigation against those who caused the breach. However, lost trust cannot. Once a data breach occurs, 65% of victims lose trust in the organization and 80% will leave that business altogether. Customers entrust businesses to secure things like protected health information (PHI) and personally identifiable information (PII). Should that data become lost, stolen or compromised, there’s almost no coming back for the organization responsible.
A Growing Concern About Data Safety During COVID-19
While COVID-19 roiled, 8 out of 10 people worked hybrid or remotely, and many of these jobs involved things like customer data handling in retail/e-commerce, or patient data handling in healthcare. When the pandemic was first declared in March 2020, 16 million knowledge workers in the U.S. alone immediately switched to remote work.
As personal information was dispersed to home offices or remote locations around the world, concerns about this data increased:
60% of consumers reported an increased concern for data safety
54% of consumers became more aware of data privacy during the pandemic
63% said data collection and storage determined who they shared data with
The fears about data security were not unfounded. A whopping 81% of global organizations experienced increased cyber threats during the COVID-19 pandemic. Furthermore, the FBI saw a 400% increase in cyberattacks during the early days of the pandemic. Finally, industries which handle large amounts of customer information, like retail, healthcare and banking, fell victim to cyberattacks:
In the first half of 2020 alone, there were 4.83 million cyberattacks in retail
70% of organizations experienced a data breach or leak since the pandemic
74% of financial institutions experienced a spike in cyber threats during COVID-19
Comparatively speaking, organizations weren’t necessarily prepared to protect sensitive data from remote locations. Consider the following: 74% of remote workers had access to critical or sensitive data, but 33% of organizations were not offering cybersecurity training to remote workers.
People were undoubtedly justified in wondering if their personal data was safe.
Give Your Customers What They Want: Cybersecurity as a Business Responsibility
Cybersecurity must move beyond simply checking a box. It needs to become ingrained in how an organization thinks, behaves and operates. The impact of an organization’s cybersecurity efforts should be communicated to customers to build trust.
Making cybersecurity part of an organization’s culture can take many forms. For example:
- Ongoing training: Most organizations only conduct annual cybersecurity training, which has been shown to have a minimal effect. A study found that employees who participated in email phishing (responsible for 90% of data breaches) training every four months were able to retain what they learned and identify and avoid clicking on malicious emails.
- Protect data and devices: Sensitive customer data can be found on corporate smartphones and tablets and enterprise apps. Additionally, unsecured printers are also a gateway to critical information. Enterprise Mobility Management (EMM) can keep devices, data and printers safe from cybersecurity threats.
FOR FURTHER READINGLearn more about the importance of mobile security
- Protect those passwords: The most easily hacked password is 123456 and can be hacked in one second. Encourage employees to make their passwords less hackable and update them frequently. As a reference point, a 12-character password with one upper case letter, one symbol and one number would take 34,000 years to crack.
- Avoid public networks: Before COVID-19, 4% of remote employees worked from coffee shops. While it’s a nice diversion from the home office, sensitive data is put at risk when using public networks. Remind employees to stay away from public networks while working.
- Be vigilant: Remind employees to adopt a Zero-Trust mindset and be suspicious of every link, message, email, pop-up or website they come across, as clicking or opening them could be the gateway hackers are looking for. Once a threat enters a company network, it will gain access to that network’s resources and data 93% of the time.
FOR FURTHER READINGThe Zero Trust Security Model: Four Common Myths and Facts
Organizations should make cybersecurity a priority because customers either worry about their information being hacked or stolen or simply don’t trust that it’s being protected. By making cybersecurity a business priority, your customers will trust you and continue to do business with you. You likely don’t want to experience what could happen if you fail to provide it.