Inside the Ink

The Unseen Consequences of Data Breaches

It’s no secret that the costs associated with data breaches are trending upward at alarming rates. Just this year, IBM’s annual Cost of a Data Breach Study found that the average cost of a single data breach is approaching $4 million. Although IT repair, identity monitoring services, and regulatory fines quickly make their way to financial statements, others covertly chip away at the bottom line over time. Simply put, it’s not enough to add up the quantifiable costs of a breach when assessing the ROI of cybersecurity in the equation. Companies must also factor in the unseen consequences of a data breach, which can often result in even more damage than initial costs. Patching up vulnerabilities and offering free credit monitoring as a post-breach response only treats the symptoms, while the underlying disease continues to progress. Keep reading to learn about four cascading consequences of data breaches that can impact your company in the long run. #1 Reputational Damage Reputational damage and brand erosion in the wake of a breach is not easily measured, as it is carries on for years after news of an attack. The Ponemon Institute estimates that 65% of data breach victims lose their trust in a brand after a data breach. Even worse, consumers voice their displeasure within their circles, a phenomenon that is magnified with the advent of the internet. Interactions Marketing notes that 85% will tell others about the breach, and more than 30% will take to social media to complain about the company. For today’s consumers, a data breach is akin to a scarlet letter that can brand a business for years. Whether it’s an SMB or large corporation, the efforts to overcome this stigma greatly outweigh the costs of protection, since companies often don’t always have a say in whether or not customers will give them a second chance. #2 Customer Attrition As frightening as it may sound, today’s consumers do not forgive companies that cannot protect their data and are increasingly more likely to stop spending altogether after a breach. A recent study by Business Wire found that 81% of consumers would stop engaging with a brand online following a breach, destroying years of relationship-building and promotional efforts. In fact, 80% of customers are willing to take their business elsewhere. Ultimately, customer rejection can be the proverbial nail in the coffin that prevents companies from ever truly recovering from a data breach. It’s estimated that 60% of SMBs fold within six months of a data breach. As one enraged Equifax consumer told The Wall Street Journal, “if I can’t trust Equifax to do their own job, I’m not going to hand them my money and say, ‘Hey, watch this for me.’” This customer’s sardonic take serves as an eerie warning to all businesses: data breaches have lasting effects. #3 Continued Attacks Companies compromised by a data breach can find themselves or their customers victimized again in the future. The rise of credential stuffing attacks makes it increasingly likely that hackers will apply previously stolen data to easily access accounts and IT infrastructure, often without detection. Nearly a quarter of all data breaches occur due to stolen credentials, and successive attacks only make reputational recovery and renewed customer confidence more difficult to achieve. Find out how Dark Web ID™ can shield your organization from credential stuffing attacks here: https://www.idagent.com/dark-web/ #4 Increased Premiums Cybersecurity insurance are becoming a widely adopted practice within the industry, yet their value can be easily skewed. As we reported last month, such plans do not holistically cover the cost of a data breach. As more customers cash in on these insurance plans, the costs increase and companies that file a claim can expect their premiums to rise. Moreover, many businesses discover that their policies provide insufficient protection against financial loss, as insurance companies battle to restrict payouts. In one case, a cyberinsurance company only agreed to pay $50,000 on damages to a company that exceeded $2 million. Cybersecurity insurance is by no means a “silver bullet” and could even invite additional costs after a data compromise. Applying the best solution Although the unseen consequences of a breach may appear worrisome, we’re not here to spell out doom and gloom. By being proactive, you can protect your institution from being victim to a breach, and future-proof yourself in the event of an attack. Cybersecurity needs to be a bottom-line, top priority at every company. Especially for SMBs who often lack the financial and personnel resources to recover from a breach, partnering with a managed service provider can provide the oversight and protection needed to navigate today’s digital environment. ID Agent provides a comprehensive set of people-centric cybersecurity solutions to private and public sector organizations worldwide. See how you can leverage solutions for Dark Web Monitoring, password management, and employee training to safeguard your customers, employees, and organization from breach. Resources https://www.ibm.com/security/data-breach https://www.centrify.com/media/4772757/ponemon_data_breach_impact_study_uk.pdf https://www.interactionsmarketing.com/press-releases/interactions-finds-45-percent-of-shoppers-dont-trust-retailers-to-keep-information-safe/ https://www.businesswire.com/news/home/20191022005072/en/ https://www.forbes.com/sites/forbestechcouncil/2017/12/08/mind-the-trust-gap-how-companies-can-retain-customers-after-a-security-breach/#2235b64f6c95 https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html https://www.wsj.com/articles/the-capital-one-hack-life-in-the-time-of-breach-fatigue-11564824600 https://info.idagent.com/blog/stop-credential-stuffing-attacks https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf https://info.idagent.com/blog/the-week-in-breach-09/25-10/01/19 https://slate.com/technology/2018/07/cyberinsurance-company-refuses-to-pay-out-full-amount-to-bank-after-hacking.html