Brits Shun Brands Following Breaches
There appears to be a significant disconnect between the amount of reputational damage organizations believe they incur following a breach and the reality in the minds of their customers, according to two new reports out this week.
The UK government’s 2016 Cyber Security Breaches Survey released on Sunday claims that just 4% of breached UK firms thought their brand or reputation had been damaged by the incident over the past year.
This is compared to 31% who said it stopped staff carrying out their work and 55% who said it forced them to look at new security measures to prevent a similar attack in the future.
However the reality, according to security vendor FireEye, is much different.
The firm interviewed 1000 UK consumers and found that 72% would probably stop buying from a company in the future if it was revealed that a data breach had been partly caused by the boardroom neglecting to invest in cybersecurity.
Over a third (38%) said that they have a negative perception of firms breached last year, while 27% said that the breaches made them view all organizations they buy from more negatively.
Nearly two-thirds (62%) said they’ll give less personal information to firms as a result of breaches over the past year, while over half (52%) said they’d take legal action if their details were stolen from a company they buy from.
The stats seem to show rising expectation levels among the public that the firms they interact with keep their personal data safe and secure.
In fact, 92% said they’d expect to be contacted within 24 hours of a breach – faster than the 72-hour window which will be imposed by the forthcoming EU General Data Protection Regulation (GDPR).
The regulations will also impose fines of up to 4% of global annual turnover, which should also finally focus boardroom minds on cybersecurity.
It’s not just customer dissatisfaction that firms have to deal with following a breach, of course.
As TalkTalk’s financials proved this week, there can also be a serious hit to the bottom line.
The UK ISP revealed its profits for FY16 were more than half that of the previous year, thanks to the firm being forced to spend over £40 million on the aftermath of a serious breach in October and other security incidents.
“The findings from this survey show that people’s negative perceptions of brands can stick, long after the publicity has subsided, and that consumers affected by data breaches are increasingly pointing the finger at people at the top,” commented FireEye EMEA president, Richard Turner.
“There are some key lessons here for board executives who are beginning to recognize why they should take a more active role in cybersecurity.”
Source: Information Security Magazine