Data security breaches are no longer just an IT problem—they’re an exec and board level problem. By now this should be obvious to everyone. Today’s advanced cybercriminals are perpetrating ever more targeted, dangerous and frequent attacks. And the cost of these attacks is growing fast.
And yet security is still not high priority at board level. Too many business executives still consider security breaches merely a cost of doing business rather than a serious threat to their companies. They know breaches cast a long shadow, but they tend to look at the bright side. They figure they can simply buy cyber insurance or set aside emergency funds for that rainy day.
What many don’t understand is that the costs of a breach run very deep. A data breach can cripple an entire organization, negatively impacting company value, business productivity and brand reputation. Studies have found that company stock prices fall an average of five percent on the day a breach is exposed. And it gets worse, companies often lose a third or more of their customers due to a breach. Studies also found that 31 percent of consumers will discontinue their relationship with a breached organization and 65 percent will lose trust in that organization.
These studies should serve as a wakeup call for every senior executive. No one wants to be the next Yahoo, which suffered two massive data breaches, affecting an estimated one billion accounts and resulting in a $350 million reduction in the company’s sale price to Verizon. Now I understand we don’t all run multi-billion pound companies here in Northamptonshire but there are some very well recognised brands and well established businesses which have fallen victim to a cyber attack and had either their customer data breached or lost a significant amount of data.
Here’s the bottom line: security is a core business concern that demands the attention of the owner, the Executives and the board of directors. In fact, a breach can damage a company’s image for good. Studies have found that breaches rank in the top-three most negative impacts to brand reputation, following terrible customer service and environmental disaster. Yet, in many organizations, security is relegated almost entirely to IT. And according to studies, 61 percent of IT practitioners do not believe their companies have a high level of ability to prevent breaches.
When you couple this with the 71 percent of Marketing Directors who believe the biggest cost of a security incident is the loss of brand value and the whopping 66 percent of IT respondents who do not believe protecting their company’s brand is their responsibility, one quickly sees a glaring and potentially disastrous internal disconnect.
These studies should serve as a wake-up call to every organization that security isn’t just about protecting data, it’s about protecting the business. It can no longer be considered just an IT problem — it must be elevated to the boardroom because it requires a holistic and strategic approach to protecting the whole organization. Decision-makers need to fully understand the security problem, because most organizations aren’t making smart security investments.
It is predicted companies will spend more than £68 billion globally on cybersecurity in 2018. But that massive amount of money is not making a dent in the problem. Today, with the rapid introduction of new technologies, platforms, applications and practices, companies are operating in a very different security landscape. As organizations move their data to the cloud, share it with partners and allow their employees to access data from almost any location on their PCs, smartphones and other devices, billions of new connection points are being created and with it, just as many potential vulnerabilities.
It’s not vital for executives to be cybersecurity experts. But they do need to have the right investment priorities. And if they do, they will benefit.
Here’s the reality: Breaches don’t have to happen. But to ensure they don’t, leadership needs to make stopping them a business priority.
For IT security advice and best practices contact Dufeu IT to arrange a business technology review.