Lax Online Security Can Destroy Your Brand Overnight
Managing your brand in the twenty-first century can be a tremendous challenge. Many factors impact your reputation, which is of growing concern for most entrepreneurs. A recent study from RiskVision found that businesses are even more concerned about their reputation than security breaches.
"It was a surprise," says Joe Fantuzzi, president and CEO of RiskVision. "Despite all the noise and issues around cybersecurity, organizations really fear brand damage. Brand damage can come from cybersecurity breaches, but it can also come from lost intellectual property. Lost intellectual property includes accidents such as losing laptops, but also extends to bad market news."
These companies are making a grave mistake if they think these issues should be treated separately. Security breaches can irreparably damage a brand image.
Poor security practices can destroy your brand.
Customers weigh many factors when valuing a brand. A company may offer impeccable services, but the company's reputation will still collapse if it fails customers in other ways (such as not preventing a breach).
During the dawn of the digital era, executives didn’t see a connection between security breaches and their brand image. Customers may have placed the blame on the perpetrators behind the attack and viewed the company as an inculpable victim. In more recent years, the blame is being shifted squarely on the shoulders of the brand.
Early last year, CSO and OnePoll conducted a study to understand the impact poor security had on a company’s brand image. They found that over 86 percent of customers reported their likelihood to conduct business with a company that suffered a security breach involving customer financial information as: “not at all likely,” or “not very likely.”
Companies can no longer rely on their own status as victims to shirk responsibility. Their negligent security standards harm their customers, so they will face serious repercussions for security breaches.
CSO points out that Target’s sales plummeted 46 percent in the fourth-quarter immediately after their historic security breach. Customers felt Target responded inappropriately to the breach.
SMEs must take even more stringent precautions to protect their reputation.
CSO points out that the damage to larger brands is often temporary and minimal. Customers may be more willing to view it as a short-term blunder, provided the company responds appropriately. “This said, it could be argued that big, established companies are confident they can ride on past the fines and fees, and keep hold of their customers. UK’s TalkTalk even locked some customers into contracts -- albeit with improved packages -- on that basis.
To add to this, there is a theory that stocks eventually recover, a view backed up by Sean Mason, director of threat management at Cisco security services. Mason, a man who previously claimed to have “debunked" the myth that breaches materially impact stock price.
He’s got a point. For example, Home Depot’s data breach, which saw the compromise of 65 million customer credit and debit card accounts, saw breach-related costs come in at around $62 million. The company’s stock price decreased minimally one week after the announcement, but in the third quarter of 2014 Home Depot showed a 21 percent increase in earnings per share.”
The study didn’t assess the impact security breaches had on smaller brands. However, the impact is presumably much greater.
A 2016 study from KPMG found that 89 percent of small businesses that their reputation suffered after a security breach. Around the same time, the National Cyber Security Alliance released an even more alarming report, showing that 60 percent of small businesses collapse within six months of a security breach.
However, only 23 percent of small businesses rated cyber security as one of their top concerns, suggesting many companies fail to take adequate precautions until it is too late. The authors advised companies to take all necessary precautions to minimize these risks.
“Companies failing to adequately protect their data from cyber breaches don’t just put a few documents at risk. Losing valuable data can have a lasting and devastating impact on a company’s finances, customer base, ability to grow -- and ultimately its reputation.
Adequate cyber security does not need to be time consuming or complex. Businesses should follow these three simple steps: use three random words to create a strong password, install security software on all devices and always download the latest software updates.”
Implementing cybersecurity solutions can be challenging even with the right infrastructure. A survey of growing SMEs found that 65 percent struggled to develop an effective cybersecurity strategy in the cloud.
Migrating to a more secure environment or installing the right tools isn’t enough. Brands must develop a carefully thought-out IT security plan and enforce it consistently.
Online security must be a concern before a breach occurs. Too many companies wait too long to implement necessary cybersecurity solutions. They need to make it a top priority before a security breach occurs. Small businesses that fail to prevent a security breach are likely to face bankruptcy -- but even if they don't have to close their doors, they will have lost the confidence of a more informed base of customers.