A major security breach or cyber-attack can ruin the experience customers have with a brand. Failure to act decisively when customer’ interests or the security of their information is threatened, can be extremely costly. Yet, over half of all CEOs believe their organisations are unprepared and vulnerable to a variety of threats.
Recent cyber attacks, such as the WannaCry attack in the middle of May, have reinforced security as a top executive issue. The breach of trust and damage to a business’s reputation due to a breach in security can potentially lead to the business closing its doors.
Andrew Bycroft, Cyber Crime Specialist and CEO of The Security Artist, warns, “The impact of poor security can vary, There are the operational risks of IT systems going down or data being lost. This means lost transactions and revenue.”
“Poor productivity, because employees and customers can’t access applications, will degrade customer service levels. There may also be legal costs where an organisation is sued or fined for mishandling data that left it exposed. If the breach becomes public and reported in the media, the damage to a brand’s reputation combined with financial and legal losses, can be so severe that the business may never fully recover”, says Bycroft.
CEO’s believe their organisations are unprepared
Last year, KPMG surveyed 1200 CEOs from across the globe on security. Only thirty two percent of CEOs in Asia Pacific and Australia believe they are sufficiently prepared for future Cyber events. Cyber Security and the threats posed to organisations remain severely unaddressed, according to the KPMG survey.
The survey also revealed that CEOs face a series of challenges due to escalating competitive pressures and digital disruption. They are particularly concerned about the loyalty of their customers, keeping pace with new technologies and the relevance of their product or service in the near future.
Rather than a risk that needs to managed or to meet compliance requirements, Cyber Security is very fundamental to creating a positive customer experience. Bycroft highlights, “People most probably will not want to shop with a brand who has lost a bunch of credit card details.” Customers prefer to deal with brands that can be trusted and demonstrate their commitment to security and addressing cyber threats.
Be ready and prepared
The greatest threat, according to Bycroft is people being unware and unprepared for the dangers and the potential attacks that exist. Technology can only do so much, but it can’t prevent people clicking on something they shouldn’t.
He comments, “Attacks are more psychological rather than technical, involving humans interacting with other humans. Enterprises need to educate employees on the risks and how to respond to them and to take care when handling data concerning the business and its customers.”
The external threats to a business are far more prevalent than from threats within the organisation. However, internal threats have the potential to do far more damage, where people have far more access to sensitive data and systems compared to those hacking or phishing from outside the organisation.
Bycroft asserts, “Organisations need to take a more holistic approach to cyber security. Most resources are spent on threat prevention. The idea is that prevention is better than cure. The problem is, however, that so much effort is spent on prevention there are no resources or procedures allocated for response or recovery.”
Unfortunately, a significant number of organisations are not prepared to respond to an event or recover from it. Their approach is purely reactive, leaving themselves and potentially their customers exposed to a range of threats.