A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches.
Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA, British Airways, Vision Direct, Eurostar and Marriott. These are just a few of the household names that have suffered at the hands of criminal hackers this year and are under investigation; any penalties are yet to be confirmed.
It is essential for organizations of all types and sizes to do their absolute best to reduce the risks of a data breach. Not just because regulations and standards such as the GDPR (General Data Protection Regulation) and PCI DSS (Payment Card Industry Data Security Standard) demand it, not just because of the impact a breach has on daily operations, but because there is statistical proof that customers will abandon brands that suffer a breach.
The risk of long-term reputational damage cannot be ignored.
The report’s key findings
Ping Identity surveyed more than 3,000 consumers from France, Germany, the UK and the US to examine attitudes and behaviour in a post-breach era. Its report states the following key findings:
- One in five people (21%) have been the victim of a breach. Of those, 34% experienced financial loss.
- Following a data breach, 78% of people would stop engaging with a brand online. Furthermore, nearly half (49%) would not sign up and use an online service or application that recently experienced a data breach.
- 59% prioritize the protection of their personal information when interacting with an online application or service, compared to only 12% who prioritise a convenient, straightforward user experience, and 7% who prioritise a personalised user interface.
- However, more than half of consumers (56%) are not willing to pay anything to application or online service providers for added security to protect their personal information.
Although consumers are increasingly aware of risks and prioritise safety when choosing which platforms to interact with, the final finding highlights the fact that they still consider information security a corporate responsibility rather than a personal one.
How can organizations reduce the risk?
- Understand, align with and operate within the regulatory requirements of your industry. Whether that is the GDPR, PCI DSS, Cyber Essentials or the NIS (Network and Information Systems) Regulations, compliance with regulatory frameworks will ensure you take the best steps to reduce the risk and enable you to respond effectively if you do suffer a breach.
- Train your staff. Human error remains a leading cause of data breaches, so creating a cyber security culture in the workplace is the best defensive strategy. Training can be classroom-based, but there are other options such as e-learning, in-house training courses, and – of course – books for independent learning.
- Remain vigilant at all times. Within the realm of cyber security, being a little paranoid is a healthy approach. No one is too big (as seen from the organisations that have recently hit the headlines), nor too small. A 2018 survey revealed that SMEs (small and medium-sized enterprises) are unprepared for cyber attacks, despite 25% of them believing breaches are a matter of ‘when’, not ‘if’. The average cost for an SME to recover from an incident is about £90,000, so small organisations should invest in security measures to reduce risks.
Gartner predicts that global security spend will reach $96 billion by the end of the year due to four factors: regulatory change, buyers’ mindset, growing awareness of threats and changing to a digital business strategy.
Protect your organization
Our easy-to-integrate, Cloud-based tools – vsRisk Cloud, the Data Flow Mapping Tool, the DPIA Tool and Compliance Manager – help you identify your legal requirements, understand the data you process and conduct information security risk assessments in line with international best practice.
Suitable for organisations of all sizes, vsRisk Cloud is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessments, and helps protect your organisation from the penalties and financial losses associated with data breaches.
The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organisation processes and why, where it is held and how it is transferred.
The DPIA Tool walks customers through the six steps they must complete as part of a DPIA (data protection impact assessment). The tool also helps you determine quickly whether a DPIA is required, and ensures that you ask all the right questions.
Avoid spending significant time and money researching relevant laws and regulations for your