Most businesses are concerned about data breaches, and they’re right to be worried. Cyber attacks are invasive, frightening, and one data breach can cost an organization millions of dollars. According to the Ponemon Institute’s annual Cost of a Data Breach report, one data breach can cost a company an average of $3.92 million.
While organizations often focus their attention on a data breach’s impact on their bottom line, there are several other ways a cyber attack can impact a company. Data breaches can have deeply felt effects in every part of an organization, from the legal department to marketing to day-to-day business operations.
How breaches can affect your organization
1. Financial impact
As mentioned above, the most obvious impact breaches have on organizations is economic — a single attack can cost millions of dollars, and cost can stretch past the initial attack over the next few years, according to Ponemon. It’s also important to note that the average cost of a data breach in the U.S. is higher than in other countries — Ponemon’s report found that companies in the U.S. average $8.19 million per breach.
While costs like these are significant for any company, they’re enough to ruin a small or mid-sized company, and unfortunately, according to Ponemon’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, attacks on small and medium-sized companies are on the rise.
2. Reputational loss
Your customers and partners trust you with their data. If you’ve been breached, and their data has been exposed, that can mean a loss of their trust and the business relationships that come with it. This can be further exacerbated by reports of a major breach in the press, especially if it looks as though your organization did not take proper precautions to avoid this sort of attack.
When cyberattacks erode your business’s reputation, that can lead to a variety of losses that will impact other areas of your organization, such as a loss of customers, sales, or an impact on your supply lines or investors.
3. Loss of productivity
A ransomware attack — an attack that encrypts files, and later demands the owners pay ransom for the decryption key — can cause a business to grind to a halt. So can a Denial of Service attack, or any other attack that brings work to a standstill until order can be restored — either through meeting the attacker’s demands or through a security team’s hard work.
In the case of a ransomware attack, there may not be many workers can do while they wait for the ransom to be paid — if they can’t access the data, network, access, and systems they normally use to conduct business, they may not be able to do much work at all, that means lost productivity. According to SANS most recent threat report, ransomware attacks spiked in the last quarter of 2019, but the good news is that ransomware attacks are often phishing attacks that can be avoided by teaching your employees good cybersecurity practices.
4. Legal liability
Once you’re responsible for someone else’s data, you’re subject to data privacy laws. That means that if you’re breached, you may be held liable, and face fines or other legal penalties.
If your customers live in the European Union, for example, you must comply with the General Data Protection Regulation (GDPR), which can fine violators €20 million or 4% of global revenue, whichever is higher and allows specific state authorities to issue their own sanctions, such as bans on data processing or public reprimands, which can have an effect on your organization’s reputation as well.
5. Business continuity
If it’s not managed well, a data breach can do lasting damage to your organization. Given the many ways an attack can affect an organization, this isn’t surprising — if you’re not prepared to be attacked, you can lose funds, customer trust, productivity, and potentially be taken to court. It may even affect the sale of your company in the future. Take Yahoo’s breaches, for example. In 2016, Yahoo suffered two large data breaches, compromising more than 1 billion accounts. Those breaches were felt a year later, Verizon acquired the company for $350 million less than originally planned.
The Ponemon Institute finds that organizations with a business continuity management plan in place before an attack are better able to identify, contain and prevent future breaches. Those organizations were also able to reduce the average per capita cost of their data breach by 6.5 percent.
How SecurityScorecard can help
As Ponemon found in their report, it’s important to have a plan, and controls in place before a breach even takes place. SecurityScorecard can help you monitor the cyberhealth of your enterprise across 10 groups of risk factors with our easy-to-understand security ratings. Our ratings continuously monitor every part of your security operation, from DNS health to web application to patching cadence.
Once your score drops, you’ll know that something has changed, and our platform will then offer remediations to help you fix the problem before there’s a breach. By continuously monitoring your enterprise’s security, you’ll be able to take action and protect your data and that of your customers and partners.