How a Security Breach Can Impact the Value of Your Brand
With data breaches making headlines and a wave of data protection regulations that favor data subjects sweeping the globe, consumers are increasingly aware of the importance of data security. However, consumers’ belief in companies’ ability to protect their data is tenuous at best: according to a PwC report, only 25% think companies handle their sensitive personal data responsibly, with 69% believing companies are vulnerable to hacks and cyberattacks. With consumers inclined to believe the worst, what happens when a company proves their fears right and compromises their sensitive personal information in a breach?
According to IBM and the Ponemon Institute’s Cost of a Data Breach Report 2020, the biggest contributing cost factor to a data breach, accounting for a staggering 39.4% of the average total cost, is lost business. This takes the form of not only business disruption and revenue loss due to system downtime, but also the loss of existing and new customers due to reputational damage and diminished goodwill.
The good news is that customers are more willing to forgive now than they were four years ago. In 2017, 87% of respondents to a PwC survey were ready to take their business to a competitor if they didn’t trust a company to handle their data responsibly; in a 2020 PwC report, only 27% said they would stop doing business with a company if their data security or privacy had been compromised due to a security incident. Instead, 62% said they would either wait and see how the company responded to the breach or begin searching for an alternative provider, with no guarantee they would stay with the organization that suffered the breach.
That being said, losing 27% of customers would by itself have disastrous repercussions for a company’s bottom line, regardless of its size. And that figure does not account for all the new business lost because of reputational damage: 85% of consumers say they will not do business with a company if they have concerns about its security practices.
Mitigating reputational damage
The 2020 report by PwC shows a willingness on the part of consumers to stay with a company despite a data breach, but their ultimate choice depends on how an organization handles the aftermath of a security incident. Transparency is key: 44% of consumers said transparency and quick action after a breach are important steps when it comes to building or rebuilding trust. Therefore, once a data breach has been identified, companies need to notify affected customers as soon as possible and inform them of the steps they are taking to rectify the situation.
Any results of investigations into a data breach should also be made public. If a breach was due to an unforeseen attack vector, employee negligence or a system vulnerability, companies have a chance to show that their existing cybersecurity policies were strong, but not infallible. Should poor security practices be found to be the root cause of a data breach, organizations must commit to improvement and regularly update customers on the ways in which they are upgrading their security policies.
A company that has suffered a breach but has learnt from its mistakes, enhancing its cybersecurity strategies to ensure a second breach does not occur, shows consumers that it is willing to change and has their best interests at heart.
From the point of view of consumers, other ways organizations can rebuild trust are to integrate privacy and security into products and services, encrypt all consumer information and company databases, and include security experts in the design of each product. Ideally, consumers want to see data security and privacy become a core value of a company. These considerations are echoed in data protection legislation such as the European Union’s General Data Protection Regulation, which enshrines the concept of data protection by design and by default into law.
Preventing reputational damage
Ultimately, preventing a security breach is considerably less costly than having to mitigate one. And while no data protection strategy eliminates the risk of a data breach completely, strong cybersecurity practices can considerably reduce the final price tag.
If the average total cost of a data breach is estimated to be $3.86 million in the US, having an incident response plan in place and testing it can save companies nearly $300,000. Extensive encryption can prevent a further $240,000 in costs and make data, even when stolen, unusable. Data Loss Prevention meanwhile can save $164,000 and block attempts to transfer sensitive personal data.
By ensuring that sensitive data cannot be made public or sold even when it is stolen, companies can reduce reputational damage and diminished goodwill in the aftermath of a security incident. Such measures can even boost consumers’ trust by proving organizations have taken steps to safeguard their data.