Data Breaches Become Business-As-Usual

With the volume and velocity of data breaches increasing year-over-year, it’s safe to say no business is safe. Now is the time to be prepared for the myriad of threats to personally identifiable information (PII) – that your business has on employees, customers, partners, vendors – essentially all of the data that runs the business.

Data breaches are often not easily contained (Equifax) nor can their impact be viewed as trivial. Let’s take a closer look at the impact of today’s data breaches upon businesses of all sizes.

Small Businesses, Big Targets

Despite organizations of all sizes making security a growing priority, small businesses remain a top target for cybercriminals. In fact, Verizon found that small businesses represent 58 percent of data breach victims.

Although data breaches can happen rapidly, it’s reported that 68 percent of these security incidents in 2017 took “months or longer” to identify. This delay in discovery provides hackers with more time to not only steal personal and confidential data, but to put measures in place for long-term data exposure and compromise. Ultimately, this can accumulate costs to the point where many small businesses aren’t able to recover.

Following the Chain-of-Command

Most cyberattacks are executed by outsiders, with the intention to steal sensitive PII and proprietary data. Fraudsters deploy their attacks most commonly through email – with 30 percent containing malware.

Businesses are structured in a hierarchy, which makes it easy for thieves to follow the chain-of-command. Therefore, cybercriminals don’t have to brute-force attack your company’s secure networks. Instead, they often target employees in phishing attacks impersonating executives, or installing malware onto employees’ devices.

Addressing the Financial Consequences

The most obvious impact to a business after a data breach is financial loss. But not all data breaches are equal. The number of individuals affected, the type(s) of information compromised, and how the event was handled by the breached organization will all contribute to the total incident cost.

For example, Ponemon’s 2017 Cost of Data Breach Study cited that the average cost of a small business data breach was $690,000, compared to the upwards of $350 million for mega breaches exposing more than 50 million records.

Beyond Dollars and Cents

While the financial hit plays a major role in a business’ post-breach recovery, the impact of a cyber attack is felt not only internally, but externally.

Damage to Business Credit

Like personal credit, fraud can negatively impact your business credit score and therefore make it a challenge to obtain credit. This is especially impactful for small and mid-sized businesses who may rely on their credit line to make payroll or fill inventory.

Risk to Reputation

Even if your business fully recovers financially from a data security incident, your reputation may take longer to heal. This is especially the case for breaches that contain sensitive PII like Social Security numbers, which can easily be used to steal victims’ identities and commit fraud.

Client & Customer Business Impact

Compromised Web applications, many with direct touch points to your clients, were identified as a top cause of data breaches in 2017. With personal data being the most common type of information exposed, your customers are the primary data breach victims.

As a result of a hack, customer and client loyalty can take a direct hit. A nationwide study reported that 75 percent of U.S. consumers wouldn’t engage with a company they did not trust with their data, which relates back to the risk to your reputation. Additionally, 77 percent indicated that whether or not they “trust” the business influences their buying decisions.

Take Action Today to Protect Your Business

Here are some recommendations to help protect your business from today’s data breaches:

  • Secure common identity crime and cyberattack touch points. Make sure you have a plan for reporting and mitigating internal security risks. In addition, have security protocols in place for your end consumers, who are using your company’s web applications.
  • Protect your consumers’ data. Misconfigurations were among the top causes of data breaches last year, reporting more than 2,000 security incidents due to “miscellaneous errors.” More than half of those incidents involved data sent to the wrong recipient. Be sure any data storage system that holds sensitive PII is properly configured, and that you have the IT support to maintain it.
  • Properly train your staff. Verizon also noted an 83 percent increase in attacks targeting HR departments. Implement security training for employees so they can recognize common phishing and scam red flags.
  • Keep your business credit in mind. Regularly check your business credit report, and read more about business credit in “My Business Has a Credit Score?
  • Prepare for a breach before it happens. If a data breach does occur, make sure you have a response and notification plan in place. Maintaining transparency in your policies and procedures can significantly reduce the cost of recovery.