I often hear small and medium businesses say, “We have never had a data breach, so why do we need to worry?” and ask, “Why would we be a target of cyber-crime?”
Stuart Leach, Group CISO Wonga, writes: The response to the latter part of the question I will answer throughout this article, but the former I will answer with another question: how would you know if you have suffered a data breach, and how would you know if you are suffering a breach right now? I am not one for fear, uncertainty and doubt (FUD), but I do believe in the need for visibility, realism and pragmatism. I feel strongly that cyber security is intrinsically linked to doing the right thing by the organisation, industry, consumers and society as a whole, but this will only be effective if the ecosystem across all industries implements a good and appropriate level of cyber security. This is an ambitious goal but one that we must strive towards. Rightly or wrongly, organisations react when there is enough pressure from the consumer, and with regulations such as the EU GDPR, awareness and expectation are increasing.
The time of the conscious consumer is here, and trust is now a competitive advantage.
Organisations, regardless of size, industry or their place in the ecosystem, operate in a time where a negative consumer experience travels through social media in real time and like wildfire. In this unpredictable digital age, brand reputation can be made or destroyed by factors outside of an organisation’s control, such as regulatory change, cyber security and data privacy. Mix this with the proliferation of social media influencers commanding an enormous following, and it has never been a better time for organisations to demonstrate their commitment to corporate social responsibility.
According to the 2019 SAI Global Reputational Trust Index, 65 percent of those surveyed viewed data privacy as the most important attribute when considering a company’s trustworthiness, to the extent that 75 percent of consumers would accept a lower quality product for increased data protection. This illustrates that an organisation’s commitment to data security is paramount in winning consumer trust and creating a sustainable reputation. Cyber-crime is a societal issue, and as such all parts of the ecosystem must be part of a sustained effort to combat it. This will go some way to demonstrate to consumers the importance organisations place on protecting personal data as a fundamental human right.
Every organisation faces cyber security challenges, no matter its industry or size. All organisations hold information that is valuable, be that financial information, personal information of consumers or employees, or intellectual property. If there is value in that information and it can be monetised, then rest assured cyber-criminals will be interested.
Cross-industry research shows that cyber-criminals target all industries and organisations of any size. To that point, research and successful cyber-attacks show that small and medium businesses are an attractive target due to the perception that they are more susceptible to an attack, with the added benefit that they could lead to larger targets in the supply chain.
A breach where cyber security measures are found wanting is likely to result in increased reputational damage, increased time to recover, loss of existing business, loss of new business, and larger regulatory fines. Research conducted by the National Cyber Security Alliance estimated that 60% of small companies go out of business within six months of a cyber-attack. Conversely, research by the Ponemon Institute indicates that organisations that invest in a security programme and treat proactive and reactive transparency as a business imperative will build invaluable trust with their consumers and will find a greater level of long-term loyalty during and after a crisis such as a data breach.
In summary: organisations of all sizes and industries are susceptible to cyber-crime, be that as a direct target, a vector to another target or just as collateral damage. All organisations sit in the overall ecosystem and hold something of value that cyber-criminals are likely to be able to monetise. Trust is an increasingly valuable commodity by which organisations will be judged, and cyber security is one of the fundamental cornerstones on which trust is built.