Why Cyber Security Should be a Top Business Priority
By Faki Saadi, Director of Sales, France, UK and Ireland at SOTI
Across the UK, cyberattacks are an increasingly common and rapidly evolving phenomenon. Whether it’s a ransomware attack crippling a business or a simple phishing scam, businesses, the economy and society as a whole are feeling the palpable impact of these incidents.
In a post-pandemic landscape, many UK businesses raced to digitise and embrace hybrid working models, opening even more vulnerabilities, and a challenging economic climate has pushed cybersecurity right down the priority list.
The UK government’s latest Cyber Security Breaches Survey found that smaller companies are more concerned by economic worries, such as inflation and uncertainty, than protecting themselves from a potential cyberattack.
With many organisations underestimating the security risks and collateral damage that even a minor data breach can create, let’s explore why security needs to be more than a tick box exercise.
A Question of Losing Money or Trust
Does cybersecurity only become a priority after your business has been attacked? Because by then, it’s probably too late. From our research, we found that the vast majority (89%) of retail customers will switch brands if a company loses their personal data. Across all industries, 70% of customers avoid businesses impacted by a data breach.
Not only does a security breach impact those outside an organisation, but it also damages the morale of those inside of it. Fifty percent of employees working for an organisation that experienced a cyberattack would seriously consider quitting because of it.
Moreover, there are the financial consequences of treating cybersecurity as an afterthought. The total average cost of a data breach is over $4 million (USD), and that doesn’t account for fines or penalties associated with cybersecurity failure. For example, as per the General Data Protection Regulation (GDPR), an organisation found to be negligent regarding cybersecurity can be forced to pay up to €20 million or 4% of its annual global revenue, whichever is greater.
Maybe the initial loss of revenue can be recouped through insurance claims or litigation against those who caused the breach. However, losing the trust of customers and employees will be hard to regain. With customers entrusting businesses to secure things like protected health information (PHI) and personally identifiable information (PII), should that data become lost, stolen, or compromised, there’s almost no coming back for the organization responsible.
Cybersecurity as a Business Responsibility
Cybersecurity must move beyond simply checking a box. It needs to become ingrained in how an organization thinks, behaves, and operates. The impact of an organization’s cybersecurity efforts should continually be communicated to customers to further build trust.
Making security part of a company’s culture can take many forms. For example:
- Ongoing Training: Many organizations only conduct annual cybersecurity training, which has been shown to have a minimal effect. A study found that employers participating in email phishing (responsible for 90% of data breaches) training every four months were able to retain what they learned and identify and avoid clicking on malicious emails.
- Protect Data and Devices: Sensitive customer data can be found on corporate smartphones, tablets and enterprise apps. Additionally, unsecured devices like printers are also a gateway to critical information. It’s crucial to keep all devices protected.
- Protect Passwords: The most easily hacked password is 123456 and can be hacked in one second. Encourage employees to create strong, unique passwords and update them frequently. As a reference point, a 12-character password with one upper case letter, one symbol and one number would apparently take 34,000 years to crack.
- Avoid Public Networks: While working from a coffee shop might be a nice diversion from the home office, sensitive data is put at risk when using public networks. Remind employees to stay away from public networks while working or use a VPN if they must connect.
- Be Vigilant: Remind employees to adopt a Zero Trust mindset and be suspicious of every link, message, email, pop-up or website they come across, as clicking or opening them could be the gateway hackers are looking for. Once a threat enters a company network, it will most likely gain access to all of that network’s resources and data.
As we advance further into the digital age, security cannot merely be an afterthought in business strategy. Businesses that prioritise cybersecurity demonstrate a commitment to safeguarding customer data and fostering trust and loyalty, while avoiding potentially disastrous consequences.
Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.