For SMBs, being the victim of a cybersecurity breach could lead to extensive and expensive damage. Some may never recover, leaving them with no alternative other than permanently closing their business. For many SMBs, the reality is they are not prepared for cyberattacks.
As technology service providers, we have cybersecurity conversations with our clients on an almost daily basis. Here are some of the things we ask them to keep in mind as we seek to help them mitigate risks for their businesses.
1. Everyone is a potential target
One thing that many SMBs have a tough time with is the idea that they have anything worth a cybercriminal's time. The reality is that all SMBs have data that is valuable to cybercriminals. Bank account information, personally identifiable information for employees or customers, manufacturing processes, technical drawings, intellectual property information and email addresses are all examples of data that is valuable to bad actors. They can use the information themselves or sell it on the dark web. Either way, all SMBs have data that has value, so no, your business is not too small or too far off the cybercriminals' radar to be the victim of an attack or, worse, a breach.
Here is the kicker: 95% of cybersecurity breaches are caused by human error. That means that they may have been preventable. Today, cybersecurity needs to be part of the business strategy, not an afterthought. With the right tools and employee education, cybersecurity risk can be mitigated.
2. Costs of a breach
Dealing with a cybersecurity breach is costly. It means companies must stop doing business to deal with the breach, impacting productivity and revenue. Here are some sobering numbers from a 2020 study by IBM and Ponemon.
- $1.52M – average total cost of a data breach
- 40% – portion of the cost due to lost business
- 280 days – average breach lifecycle. 207 days to identify the breach and 73 days to contain it
Remember that the numbers will be relative to the size of your business, but one thing is for sure, the costs of a breach will be devastating for businesses.
3. Legal fees
Depending on the type of data that was compromised, there may be legal implications that may involve a settlement. No one will be surprised to hear that legal procedures take time. In fact, depending on the jurisdiction, there may be 3 to 5 years between the disclosure of a breach and a settlement. During that timeframe, the company will be paying things like legal fees, expenses and filing costs, in addition to the actual settlement cost.
4. Cybersecurity laws
Protecting privacy and personal information has become an important topic of discussion in this digital world. Privacy laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) here in Canada, the General Data Protection Regulation (GDPR) in Europe, as well as other such laws around the world, need to be adhered to, both from a protection and a disclosure point of view, to avoid what can be hefty fines. And if you are in industries such as healthcare and finance, there are additional compliance requirements and regulations that need to be adhered to.
Violations of these laws can be very costly. It is important that the cybersecurity strategy takes these privacy laws into account.
5. Victim compensation
If an organization is found liable for leaked information, the victims can request compensation.
One of the most publicized examples of victim compensation after a breach is the Equifax breach of 2017. After an investigation, Equifax was found liable for the leaked information due to the way they handled the breach, which impacted almost 150 million people. The settlement with authorities was for almost $700 million, of which $300 million went to a victim restitution fund, with an additional $125 million available in case the initial fund ran out.
Obviously, this is a huge breach, but any way you look at it, not having the right cybersecurity in place can be an expensive proposition.
6. Impact to the bottom line
Dealing with a data breach is not business as usual for a company. The priorities shift towards remediation, recovery and ensuring, to the extent possible, that it does not happen again. This results in lost revenue and profitability.
Studies show that 29% of businesses that experience a data breach incur significant revenue loss, and 38% of those that experienced revenue loss experienced losses of 20% or more. The profitability impact is meaningful.
7. Correlation between preparedness and remediation costs
There is no magic solution that will 100% guarantee that your business will never be a victim of a cyberattack. The assumption must be that it will happen, because this will allow businesses to be prepared. Without a plan and good tools, remediation can be daunting and expensive when you think about what it entails:
- Documenting the attack
- Quarantining the compromised hardware and software
- Containing and eliminating the threat
- Analyzing the activity logs
- Fixing the vulnerability that caused the breach
- Repairing or replacing the infected systems
- Implementing security improvements
Being prepared reduces the expenses related to these remediation actions. As the sports adage goes “The best defence is a good offence”.
8. Customer trust
80% of organizations that reported a cybersecurity breach stated that Personally Identifiable Information (PII) was compromised in the breach. The cost to businesses for compromised PII records is about $150 per record. That in and of itself can be significant for an organization. Losing customer trust after such a breach is a real threat to a business.
9. Damage to reputation
In an analysis of the costs of cyberattacks, Deloitte reported that 90% of the costs of these attacks are hidden costs, such as diminished credibility, damaged brand reputation and difficulty with debt financing. These hidden costs are difficult to quantify but impact companies for years after a breach.
10. Business closure
The worst possible outcome of a cyber breach is going out of business. With all of the costs (quantifiable and hidden), this is a real possibility for SMBs. In fact, according to the US National Cyber Security Alliance, 60% of small businesses that suffer a breach go out of business within 6 months of the breach.
Given the data and statistics above, businesses need to make cybersecurity a priority. MicroAge can help make your business cyber resilient by putting the appropriate cybersecurity layers in place based on your needs. Contact us to learn more.