Building your business’ reputation and brand image takes time – years even – and costs money. Investment in marketing, customer services and PR activities does not come cheap, yet it could all be written off with a single data breach.
While many high profile enterprises appear to be able to ride out the storm of a data breach – TalkTalk, for example may have lost 101,000 customers after the 2015 data breach, but are still one of the UK’s leading telecoms companies – SMEs may not bounce back so easily.
In a survey for OnePoll, 86.55 % of 2,000 respondents stated that they were “not at all likely” or “not very likely” to do business with an organisation that had suffered a data breach involving payment card details. While figures were lower for less sensitive personal data, respondents were still unlikely to return as customers.
A report by the Ponemon Institute on Reputation Impact of a Data Breach also found that on average it takes a business or organisation almost a year (11.8 months) to restore a brand’s reputation after a data breach. You have to ask yourself, “Can your business survive in the interim?”
In a competitive marketplace your organisation’s brand image and reputation could be one of the key differentiating factors that is driving growth and profits. They are important business assets that need protecting, and as the risk of a data breach is continually increasing we believe that organisations need to be thinking more proactively about prevention.
Below are 5 ways you can do this. We should also draw your attention to GDPR: new EU legislation that comes into force on 25th May 2018. In the context of reputational damage and the financial cost of this, a data breach where a company has failed to comply with GDPR could result in fines of up to €2 million (or 4% of gross annual group revenue).
Combined with the fall out of a data breach, i.e. loss of sales, loss of existing customers, loss of prospective customers, the cost of remediation etc., these significant fines could be catastrophic for many organisations.
In many cases, businesses are relying on reactive cyber security solutions that are becoming increasingly difficult to manage. They involve multiple tools and multiple dashboards providing protection for many different systems and networks, against known and unknown threats. This approach drains time and resources, and often exposes businesses to threats because of gaps and inconsistencies in the tools deployed.
The following strategies can help you identify these gaps and take a more holistic and proactive approach to protecting your business, your brand image, and your reputation from data breaches:
1. Audit Your Systems
Do you have the big picture of what your IT assets and systems look like? Typically, these evolve as companies grow, new technologies become available, and working practices change. If you don’t have the big picture of what you have to protect, how can you protect it?
2. Re-Evaluate Your Priorities
In line with regulatory requirements and business continuity, what systems and data are most critical for your organisation? Are you investing time and resources in protecting non-critical systems while other, more sensitive data is vulnerable? Prioritise the areas that are most sensitive and have the biggest ramifications for the business if breached.
3. Review Legacy Contracts
Things change: priorities, threats, technology, and so on. Are your legacy contracts fit for purpose? Are they responsive and agile enough to provide the security required today and into the future? Also ask, “are 3rd party vendors and providers taking the right measures to protect your business from cyber threats?” Find out.
4. Get Everyone Signed Up
Everyone within your organisation needs to prioritise cyber security and data protection. Damage to the brand image and reputation can have repercussions for employees as well as senior leaders. Jobs could be lost, shares devalued etc. This can be a very motivating factor for focusing everyone’s attention on protecting systems and data.
5. Test Your Disaster Recovery & Business Continuity Plans
Got a disaster recovery plan? Does it work? DRPs need to be tested in the current cyber threat landscape. BCPs also need to be tested and reviewed, and managing the brand image and reputation should be part of your incident response.
Unfortunately, it’s not a case of if you get attacked but when. Threat monitoring is the perhaps the most proactive tool we have at our disposal, helping businesses protect their data and systems by identifying threats before they happen.