Safeguarding data is a business problem, not an IT problem. Just as the benefits of adopting cloud platforms and services will impact every part of a company, so will the consequences of a security breach that leads to the loss of information stored and processed in the cloud. A recent Ponemon study commissioned by Centrify has shown that data breaches have a far-reaching and devastating effect on UK businesses – causing particular damage to reputation and customer loyalty.
More than half of the consumers who responded to the survey had been affected by a breach. Of those, 65 percent lost trust in the company, while 27 percent ended their relationship with it altogether.
As the Brexit process gains pace, reputation will become increasingly valuable. Strong customer loyalty will help to sustain business revenues if consumer confidence and spending continue to dip. However, neither IT bosses nor senior-level executives are taking responsibility for protecting reputation.
This must change. Data breaches have a direct impact on company finances and shareholder value: the share prices of the companies surveyed by Ponemon dropped an average of five percent following the disclosure of a breach. They also experienced up to a seven percent customer churn, with an average revenue loss of £3.07 million.
Appropriately protecting customer data in the cloud, and at every other point it resides or passes through, is a bottom-line issue. It is also a significant challenge, however, when there are troubling ‘blind spots’ and disconnects – both across the organisation and between the business and its customers.
Time for a reality check
When it comes to the biggest threats facing UK companies, IT practitioners and senior marketers both believe that a data breach ranks at the top, with marketers viewing it as more damaging to reputation than a scandal involving the CEO. However, while marketers recognise loss of brand value as the biggest cost of a breach, IT practitioners are more worried about losing their job, or the department coming under greater scrutiny.
Just 23 percent of CMOs and three percent of IT practitioners are concerned about a decline in the company’s share price.
There’s also disagreement over who is responsible for protecting the brand: 71 percent of IT practitioners believe it has nothing to do with them, whereas approximately two-thirds of senior marketers believe the IT department should take responsibility. While 60 percent of senior marketers say their department collaborates with other functions in maintaining brand reputation, only 18 percent of IT departments do this.
There is one thing IT leaders and CMOs do agree on: more than a third think senior managers in their business are failing to take brand protection seriously.
The expectation gap
Most customers will be users of cloud services themselves, at home and at work. They are probably aware of the limitations and risks and will have seen reports of high-profile data breaches in the media.
It’s hardly surprising, therefore, that they have high expectations about what companies should do to safeguard their personal information, in the cloud and elsewhere. A huge 79 percent of consumers believe organisations have an obligation to take reasonable steps to secure their personal data, while 70 percent say a company’s privacy and security practices are very important to preserving their trust.
Businesses must do more to meet customer expectations if they are to preserve loyalty and reputation as the terms and the effects of Brexit become clearer. This means upgrading cybersecurity to ensure customers can feel confident that their information is being protected from leaks, loss and theft, wherever it is held or processed.
Leading from the front
Data security is a whole business issue that requires a whole business approach. This is why ultimate responsibility for preserving reputation by protecting customer data lies with the senior team.
They must take the lead on developing and implementing a comprehensive security strategy that protects the entire business and brand. They are also in the best position to drive the culture change required to ensure that IT better understands the link between cybersecurity and brand protection, departments are aligned on priorities, and everyone is aware of the consequences of a breach.
The strategy should ideally include:
Appointing a fully dedicated chief information security officer (CISO) to help move the organisation to a stronger security posture.
Opening up clearer channels of communication – encouraging and facilitating collaboration between lines of business to determine and execute shared data security plans.
Making strategic investments – allocating adequate budget to putting in place skilled people and security-enabling technologies, especially enterprise-wide encryption and an identity and access management (IAM) system to control and audit who can see what data and when. This will protect the business if the worst happens: the Ponemon research found that the stock prices of companies with a strong security posture recovered much more quickly following a data breach.
Educating employees – with training and awareness programmes that increase their understanding of the risks of data breaches, and their role in protecting information from loss or theft.
Preparing for the worst – by creating a comprehensive incident response plan. This should include procedures for communicating with customers, investors and regulators, and pre-assigned roles and responsibilities.
Carrying out regular security assessments – to shine a spotlight on vulnerabilities in the organisation’s computer, network or communications infrastructure.
Participating in threat sharing programmes – with partners and other companies you trust to prevent and quickly detect attacks that might be targeting your sector, and avoid duplicating work that’s already been done.
As Brexit gets closer, customers’ priorities, concerns and attitudes will evolve. Sustaining their trust and loyalty will help businesses stay profitable through uncertain and potentially turbulent times. This is why data security is no longer just about protecting data; it’s ultimately about protecting corporate reputation and brand value.
When reputation takes a hit, this has serious long-term financial consequences: loss of revenue, erosion of shareholder value, and a drop in productivity caused by the time it takes to recover. And if data cannot be appropriately secured on cloud and mobile platforms, this will limit the adoption of such technologies – and therefore the benefits to be gained by doing so.
The companies that survive and thrive as the UK departs from the EU will be those that recognise this and take a holistic and strategic approach to strengthening the whole enterprise’s resilience to breaches.